(57) ABSTRACT

A system of distributed group management for generating authentication information relating to a group to which users belong at a high speed on a client side and, at the same time, wherein a server side can verify this at a high speed. This system provides a group certificate issuing apparatus for issuing a group certificate on a client side based on original group information including the name of the group to which the users belong and a group certificate verification unit for verifying a legitimacy of the certificate transmitted from the client side in a server. Here, the group certificate issuing apparatus adds an issuance side processed value obtained by processing the information of the original group information by a cryptographic function to this original group information to obtain a group certificate, and the group certificate verification unit processes part of information included in the received certificate by an identical cryptographic function to obtain a verification side processed value and performs an authentication by confirming that the issuance side processed value and the verification side processed value coincide.
BACKGROUND OF THE INVENTION
1. Field of the Invention 

The present invention relates to a system for distributed group management for management of security of information relating to users and groups to which the users belong at the time of distributed processing among a plurality of computer systems.

Along with the advances made in computer networks in recent years, a demand has arisen for processing for transfer of information distributed among a plurality of computer systems, that is, remote processing. At the time of such remote processing, a management for authentication and management for authorization based on the authentication, that is, security management, are indispensable.

On the other hand, looking at authorization, when there are many users requesting remote processing, the general practice has been to set a plurality of groups each including predetermined users in the computer system. These correspond to the groups explained above. This makes it possible to extremely effectively manage authorizations of many users, for example, authorization for reading files and authorization for reading/writing files.

Note that the concept of a "group" has been widely known under the terms "role" or "privilege". In the present invention, the term "group" will be used to represent these terms. This is because no matter what term is used, the basic nature is the same, i.e., a plurality of users can belong to one group (in certain cases, one user can belong to a plurality of groups).

Almost all current authentication systems used for security management authenticate by means of (i) using secret information such as a password or secret key information, (ii) devising a special physical structure and issuing an article difficult to forge such as an IC card, or (iii) utilizing physical characteristics enabling identification of a specific person, for example, fingerprints or retina patterns.

However, there are problems when trying to use each of the means of authentication shown in the above (i) to (iii) as they are directly for the authentication of a group. For example, it is extremely difficult to commonly share the means of authentication by the plurality of users comprising a group. Also, there is an inconvenience that when a user leaves the group, it is also extremely difficult to retrieve the means of authentication from the user.

In order to deal with this, use has been made of a security management technique comprised of a two-tier model, i.e., first authenticating the individual user by the means of authentication shown in the above (i) to (iii), then separately managing to which group the user belongs. This model is used in many computer systems, for example, for UNIX users and groups.

The present invention concerns a security management technique relating to authentication as described above.

2. Description of the Related Art

The conventional standard UNIX has the concepts of users and groups, but these groups exist locally in the corresponding servers. Accordingly, there is the disadvantage that a user requesting usage of authorization shared by this group must first be authenticated as the user by him or

manage a user/authentication information table, a user/group correspondence table, and a user/authorization correspondence table at a single NIS server for users of the plurality

However, even if that information sharing management technique is used, close communication must be guaranteed between the server and the NIS server, so this NIS server must be treated more like a server than a client from the viewpoints of the main entity in charge of security management and the structure of the organization. Also, even if that information sharing management technique is used, there is still the accompanying disadvantage explained above that the individual users must be authenticated.

As one of the techniques for dealing with the above disadvantage that the individual users must still be authenticated in this way, the technique of indirect authentication has been known. As one system incorporating such an indirect authentication technique mainly into a UNIX system, a distributed authentication system referred to as "Kerberos" has been proposed in Reference 1 (John Kohl and B. Clifford Neuman, The Kerberos Network Authentication Service (Version 5), Internet Request for Comments RFC-1510, September 1993).

In this Kerberos distributed authentication system, not the server performing remote processing, but another server referred to as a ticket server centrally directly authenticates users. After the direct authentication, the ticket server issues a ticket to each user. In this mechanism, the user presents the issued ticket to the original server to indirectly be authenticated. Such a mechanism is realized by a cryptographic

Further, it is proposed to include group membership information in an extension field of Kerberos Version 5 in Reference 2 (B. Clifford Neuman, Proxy-Based Authorization and Accounting for Distributed Systems, in Proceedings of the Thirteenth International Conference on Distributed Computing Systems, pages 283-291, May 1993).

Under the above background, the known related art will 
be explained later by using FIG. 48 and FIG. 49. FIGS. 48 
and 49 are views of a conventional system of distributed 
group management. As will be explained later by using these 
figures, there is the following problem. 

An encryption function unit (34') shown in the figure encrypts an original ticket (TC) by using a secret key. Accordingly, it is extremely difficult for a malicious third party to eavesdrop the original ticket (TC) unless knowing the secret key, so the security is secured.

However, in general, the processing speed for the encryption is slow, so a considerable processing time is required. For this reason, there is a problem that the indirect authentication of the group cannot be carried out at a high speed.

SUMMARY OF THE INVENTION 

An object of the present invention is to, in view of the above problem, provide a system of distributed group management capable of raising the speed of indirect authenti-

To attain the above object, a system of distributed group management according to the present invention is provided with a group certificate issuing apparatus (3) for issuing a group certificate (GC) on a client (2) side based on original group information including a name of a group to which a user belongs and a group certificate verification unit (12) for verifying a legitimacy of a group certificate (GC) transmitted from the client (2) side in a server (1). Here, the group
cessed value obtained by processing the information of the original group information by a cryptographic function to this original group information to obtain a group certificate (GC). The group certificate verification unit (12) processes part of the information included in the received certificate (GC) by an identical cryptographic function to obtain a verification side processed value and performs the authentication by confirming that the issuance side processed value and the verification side processed value coincide.

Thus, the system of distributed group management can generate authentication information relating to a group to which users belong on the client side at a high speed and, at the same time, verify this on the server side at a high speed.

BRIEF DESCRIPTION OF THE DRAWINGS 

The above object and features of the present invention will be more apparent from the following description of the preferred embodiments given with reference to the accompanying drawings, wherein:

FIG. 1 is a view of a fundamental configuration of a system of distributed group management according to the present invention;

FIG. 2 is a view of basic steps of the method of distributed group management according to the present invention;

FIG. 3 is a first part of a view of a first embodiment 
according to the present invention; 

FIG. 4 is a second part of a view of the first embodiment 
according to the present invention; : 

FIG. 5 is a first part of a view of an example of an overall 
configuration to which the first embodiment according to the 
present invention is applied; 

FIG. 6 is a second part of a view of an example of the 
overall configuration to which the first embodiment accord- - 
ing to the present invention is applied; 

FIG. 7 is a view of an example of the data structure in a password storage means 21;

FIG. 8 is a view of an example of the data structure in the user-group mapping storage means 32;

FIG. 9 is a view of an example of the data structure in a group secret information storage means 33;

FIG. 10 is a view of an example of the data structure in a group secret information storage means 13;

FIG. 11 is a view of an example of the data structure in 
a group-authorization mapping storage means 15: 

FIG. 12 is a view of a concrete method of generation of a group certificate GC according to the first embodiment;

FIG. 13 is a view of a concrete method of verification of the group certificate GC according to the first embodiment;

FIG. 14 is a first part of a view of the flow of the overall processing according to the first embodiment;

FIG. 15 is a second part of a view of the flow of the overall processing according to the first embodiment;

FIG. 16 is a view of the flow of operation of a group

FIG. 17 is a first part of a view of the second embodiment according to the present invention;

FIG. 18 is a second part of a view of the second embodiment according to the present invention;

FIG. 19 is a view of a concrete method of generation of a modified group certificate (log-in request) GC';

FIG. 20 is a view of a concrete method of verification of the modified group certificate (log-in request) GC' according to the second embodiment;



FIG. 21 is a view of an example of the data held in a modified group certificate (log-in request) storing unit 14;

FIG. 22 is a first part of a view of the flow of the overall processing according to the second embodiment;

FIG. 23 is a second part of a view of the flow of the overall processing according to the second embodiment;

FIG. 24 is a first part of a view of the flow of operation 
of the modified group certificate (log-in request) verification 
unit 12; 

FIG. 25 is a second part of a view of the
operation of the modified group certificate (log-in request) 
verification unit 12; 

FIG. 26 is a first part of a view of a third embodiment 
according to the present invention;

FIG. 27 is a second part of a view of the third embodiment 
according to the present invention; 

FIG. 28 is a view of a concrete method of generation of

FIG. 29 is a view of a concrete method of verification of the server reply "rep" on the client side;

FIG. 30 is a first part of a view of the flow of the overall 
processing according to the third embodiment; 

FIG. 31 is a second part of a view of the flow of the overall 
processing according to the third embodiment; 

FIG. 32 is a first part of a view of a fourth embodiment 
according to the present invention; 

FIG. 33 is a second part of a view of the fourth embodi- 
ment according to the present invention; 

FIG. 34 is a view of the flow of the overall processing 
according to the fourth embodiment; 

FIG. 35 is a first part of a view of a fifth embodiment 
according to the present invention: 

FIG. 36 is a second part of a view of the fifth embodiment 
according to the present invention; 

FIG. 37 is a view of an example of the data in a log file 
48 in a group certificate issuing apparatus 3 of the fifth 
embodiment; 

FIG. 38 is a view of an example of the data in a log file 
47 in a server 1 of the fifth embodiment; 

FIG. 39 is a first part of a view of a sixth embodiment 
according to the present invention; 

FIG. 40 is a second part of a view of the sixth embodiment 
according to the present invention: 

FIG. 41 is a view of an example of a certificate ID Cid based on the sixth embodiment;

FIG. 42 is a first part of a view of a seventh embodiment according to the present invention;

FIG. 43 is a second part of a view of the seventh embodiment according to the present invention;

user-group mapping storage means 32 based on the seventh embodiment;

FIG. 45 is a view of an example of the data in a group . . . 52 employed in the seventh embodiment;

FIG. 46 is a first part of a view of the flow of the overall processing according to the seventh embodiment;

FIG. 47 is a second part of a view of the flow of the overall processing according to the seventh embodiment;

FIG. 48 is a first part of a view of a conventional system of distributed group management; and

FIG. 49 is a second part of a view of a conventional system of distributed group management.
Before describing the embodiments of the present invention, the related art and the disadvantages therein will be described with reference to the related figures.

FIGS. 48 and 49 are first and second parts of a view of a 
conventional system of distributed group management. 

The system shown in these figures represents a system
configuration obtained by adding a function for certifying 
group membership to the Kerberos system disclosed in 
Reference 2. Note that the system is illustrated in a fashion 
enabling comparison with the system configuration of the 
present invention explained later. 

Referring to Reference 2, a ticket includes information of 
the user name of the personal user (U) other than the group 
membership information, but the server 1 side does not 
always use the user name. It can apply authentication and 
authorization just by the group membership information. 
Therefore, FIGS. 48 and 49 do not show information relat- 
ing to the user U which can be held by the server 1. 

By incorporating the group membership information into 
the mechanism of the indirect authentication explained 
above in this way, the user groups can be centrally managed, 
separately from the server 1. Due to this, a system of
distributed group management eliminating the need for 
registration of the personal users (U) in the server 1 is 
realized. 

The system shown in FIGS. 48 and 49 will be explained 
in more detail below. 

In the figure, reference numeral 10 represents a system of 
distributed group management. This is comprised of a server 
1, a client 2, and a ticket server 3'. These components 1, 2,
and 3' can communicate with each other via a network 4.

Usually there are a plurality of clients 2 (only one is 
shown in the figure for simplification, same below). In 
addition, a large number of users U request remote process- 
ing to the server 1 via these clients 2 and network 4. 

A table indicating group membership, that is, to which
group each user belongs, is centrally held by the ticket server 
3' for all users. In the figure, a user-group mapping storage 
means 32 functions as the table. 

When a user U requests remote processing to the server 1 via the client 2, the user U first requests the issuance of the ticket TC to the ticket server 3'. Note that illustration of the path for this request is omitted (same in following figures). When the ticket server 3' receives the request and acknowledges the fact that the user belongs to for example a "group 2" among for example a group 1 to group 4 (registered in the means 32 in advance) from the user-group mapping storage means 32, it issues the ticket TC including this
ticket . . . 1, to request the remote processing.

Upon receipt of this, the server 1 authenticates the related . . . verifies the received ticket TC. At the time of this processing request for the group 2 by the verification of this ticket TC, the server 1 refers to a group-authorization mapping storage means 15 and executes the related remote processing within the authorization if the authorization . . . file (registered in advance).



the ticket server 3' cooperates with a group secret information . . . (secret codes) imparted for every group in advance with respect to each other in order to further raise security. Also, a ticket storing unit 14' temporarily stores and holds the received ticket TC. This held information is used for deciding whether or not a request is a remote processing request made by a malicious third party.

Assume that such a malicious third party covertly views the ticket TC from the user on for example the network 4 and tries to alter "group 2" to "group 3" (assume that the authorization given to the "group 3" is for example "both read from file and write to file"). Then, the content of the file 5 may be rewritten by the malicious third party.

Occurrence of such a situation must be prevented as much as possible for security management. An encryption function unit 34' is provided in the ticket issuing unit 31' for this purpose. Here, the ticket TC is encrypted by using a secret code as a secret key and then returned to the client 2.

The encrypted ticket TC is transmitted to the network 4. The server 1 receiving this decrypts the ticket TC in a decryption function unit 16' by using the secret code as a secret key and returns this to the original ticket TC. Such encryption greatly improves the security.

As already explained, the encryption function unit 34' 
encrypts the original ticket TC with the secret key. Accord- 
ingly, unless the malicious third party knows the secret key, 
it is extremely difficult to covertly view the original ticket 
TC, so the security is secured.

However, in general, the processing speed for the encryp- 
tion is slow, so a considerable processing time is required. 
For this reason, there is the above problem that the indirect
authentication of the group cannot be carried out at a high speed.

Accordingly, the present invention provides a system of 
distributed group management capable of solving the above 
problem and raising the speed of indirect authentication of 
a group. 

Below, the present invention will be explained in further detail.

FIG. 1 is a view of a fundamental configuration of the 
system of distributed group management according to the 
present invention. Note that the same reference numerals or
symbols are attached to similar components throughout all the figures.

In the figure, reference numeral 10 represents the system of distributed group management. This system 10 indirectly authenticates the membership of a user in a group in order to manage the security of the client 2 on the user (U) side and the server 1 executing a remote processing request from the user side under predetermined authorization assigned for every group.

This system 10 is comprised of the server 1, client 2, group certificate issuing apparatus 3, and the network 4 provided for mutual communications among them. Further, the server 1 side is provided with the group certificate

The group certificate issuing apparatus 3 issues a group certificate GC on the client 2 side based on original group information GR including the name of the group to which the related user belongs when there is a remote processing
issuance side processed value obtained by processing information of the original group information GR by a cryptographic function to this original group information GR and defines this as the group certificate GC. Also, the group certificate verification unit 12 processes part of the information included in the received group certificate GC by an identical cryptographic function to obtain the verification side processed value and authenticates by confirming that these issuance side processed value and verification side processed value coincide.

The system for distributed group management 10 of the 
present invention can also be understood as a method for 
distributed group management explained next. 

FIG. 2 is a view of basic steps of the method of distributed 
group management according to the present invention. 

As shown in the figure, this method is comprised of a first 
step S1, a second step S2, and a third step S3. This method
is a method of distributed group management for indirectly 
authenticating the membership of a user U in a group for 
security management with respect to the client 2 on the user 
(U) side and a server 1 executing a remote processing 
request from the user side based on predetermined authori- 
zation assigned for every group. 

(i) At the first step S1, when there is a remote processing
request, the client 2 side processes the original group infor- 
mation GR including the name of group to which the related 
user U belongs by a cryptographic function and issues a 
group certificate GC obtained by adding the obtained issu- 
ance side processed value to the original group information. 

(ii) At the second step S2, the server 1 side processes the 
information of the received group certificate GC by the 
identical cryptographic function to obtain the verification 
side processed value. 

(iii) At step S3, the server 1 side compares the verification 
side processed value and the received issuance side pro- 
cessed value and authenticates by confirming that they 
coincide. The legitimacy of the group certificate GC trans- 
mitted from the client 2 side is verified in the server 1. 

Conventionally, as already explained, message data (corresponding to the ticket TC) including the information of the group name etc. is encrypted by a secret key to obtain a cryptogram. Then, the cryptogram transmitted from the client side is decrypted by the secret key on the server side to reproduce the original message data. Namely, large scale processing is performed to convert the original message data to a completely different cryptogram for transmission and to convert the received cryptogram back to the original message data. For this reason, considerable time has been required for both generation and verification of a ticket TC.

The present invention, however, does not convert the message data including the group name etc. to completely different data. Accordingly, it does not have to return this to the original message data again either. For this reason, the message data to be transmitted is substantially raw data as it is. The issuance side processed value obtained by processing the message data to be transmitted by a cryptographic function is simply added to this message data. The reception side merely processes the message data by the identical cryptographic function to individually generate the verification side processed value and only verifies whether or not these processed values coincide. If they do not coincide, it can be deduced that the message data was partially tampered with by a malicious third party during the time from the transmission of the message data from the client side to the reception on the server side. Accordingly, the server 1 does



As a preferred example of the cryptographic function described above, a cryptographic hash function can be mentioned. This function is realized by a simple algorithm. The following explanation will be given by taking this cryptographic hash function (hereinafter, also simply referred to as a "hash function") as an example. In this case, this hash function per se is already known, so there is undeniably a possibility of malicious reproduction of the issuance side processed value. As an example for reliably dealing with such a concern, secret information can be utilized. The system of distributed group management of the present invention where this secret information is utilized can be comprised as follows.

Referring to FIG. 1 again, the group certificate issuing apparatus 3 includes the secret information assigned to a group in the original group information GR and performs processing by the cryptographic function (hash function). Also, the group certificate verification unit 12 includes the secret information assigned to the group in part of the information included in the received group certificate and performs the processing by the cryptographic function (hash function). Here, the group certificate issuing apparatus 3 and the server 1 commonly share the same secret information for identical groups.

When comprising the system in this way, the secret information is held only by the apparatus 3 and the verification unit 12. Therefore a third party does not know this secret information and cannot acquire the identical issuance side processed value (hash value). In this case, it is impossible to reproduce the content of the original group certificate from an eavesdropped hash value. This is another advantage of employing a hash value. Note that the following explanation will be given by taking as an example the case where the secret information is used.
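The three steps S1 to S3 above, with the group secret mixed into the hashed original group information GR as just described, worked through as an added example (this is illustration code, not the patent's own implementation). The group secrets, user-group mapping, group authorizations and the 300-second valid term are constructed sample values; SHA-256 is an assumed choice of hash function.

```python
import hashlib
import hmac

# Constructed sample data for this example (not from the patent text).
# Group secret information shared in advance between the group certificate
# issuing apparatus 3 (storage means 33) and the server 1 (storage means 13),
# keyed by (server name, group name) because the group name space is per server.
GROUP_SECRETS = {
    ("server X", "group 2"): b"constructed-secret-group-2",
    ("server X", "group 3"): b"constructed-secret-group-3",
}

# User-group mapping held only by the issuing apparatus (storage means 32).
USER_GROUPS = {
    ("server X", "user A"): "group 2",
    ("server X", "user B"): "group 3",
}

# Group-authorization mapping held only by the server 1 (storage means 15);
# the authorizations mirror the example given in the text.
GROUP_AUTHORIZATION = {
    ("server X", "group 2"): {"read"},
    ("server X", "group 3"): {"read", "write"},
}

VALID_TERM_SECONDS = 300  # assumed length of the valid term


def processed_value(server, group, not_before, not_after, secret):
    """The cryptographic function applied to the original group information GR.

    The group's secret information is mixed into the hashed data, as the text
    describes. SHA-256 is an assumed choice; in production an HMAC (hmac.new)
    is the standard keyed-hash construction and would be preferred here.
    """
    fields = [server, group, str(not_before), str(not_after)]
    data = b"\0".join(f.encode() for f in fields) + b"\0" + secret
    return hashlib.sha256(data).hexdigest()


def issue_group_certificate(server, user, now):
    """Issuance side (apparatus 3, step S1): GC = GR plus the issuance side
    processed value. GR itself travels in the clear; only the hash is appended."""
    group = USER_GROUPS[(server, user)]
    not_before = int(now)
    not_after = not_before + VALID_TERM_SECONDS
    secret = GROUP_SECRETS[(server, group)]
    return {
        "server": server,
        "group": group,
        "not_before": not_before,
        "not_after": not_after,
        "processed_value": processed_value(server, group, not_before, not_after, secret),
    }


def verify_group_certificate(gc, now):
    """Verification side (unit 12 in server 1, steps S2 and S3).

    Recomputes the verification side processed value from the received GR and
    the server's own copy of the group secret, and accepts only if it coincides
    with the received issuance side processed value. No decryption is needed.
    """
    secret = GROUP_SECRETS.get((gc["server"], gc["group"]))
    if secret is None:
        return False  # unknown group: no shared secret, so nothing to verify against
    if not gc["not_before"] <= now <= gc["not_after"]:
        return False  # outside the valid term
    expected = processed_value(
        gc["server"], gc["group"], gc["not_before"], gc["not_after"], secret
    )
    # Constant-time comparison so the check itself leaks nothing about the hash.
    return hmac.compare_digest(expected, gc["processed_value"])


def request_remote_processing(gc, action, now):
    """Server 1: authenticate the group via GC, then authorize via storage means 15."""
    if not verify_group_certificate(gc, now):
        return False
    return action in GROUP_AUTHORIZATION.get((gc["server"], gc["group"]), set())


if __name__ == "__main__":
    gc = issue_group_certificate("server X", "user A", now=1_000)
    print("genuine GC, read  :", request_remote_processing(gc, "read", now=1_100))
    print("genuine GC, write :", request_remote_processing(gc, "write", now=1_100))
    # A third party rewriting "group 2" to "group 3" changes GR, so the
    # recomputed hash no longer coincides with the one that was issued.
    altered = dict(gc, group="group 3")
    print("altered GC, write :", request_remote_processing(altered, "write", now=1_100))
    print("expired GC, read  :", request_remote_processing(gc, "read", now=5_000))
```

Extending the valid term in a captured certificate fails for the same reason as changing the group name: the term is part of the hashed GR.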
[First Embodiment] 

FIGS. 3 and 4 are parts of a view of a first embodiment 
according to the present invention. 

Note that, after this first embodiment, an explanation will be given of a second embodiment to seventh embodiment. In each embodiment, the group certificate issuing apparatus 3 and the group certificate verification unit 12 in the server 1 are basically configured as follows:

The former (3) is a group certificate issuing apparatus comprising a system of distributed group management for indirectly authenticating the membership of a user U in a group for security management with respect to the client 2 on the user side and the server 1 for executing the remote processing request from the user side under predetermined authorization assigned for every group. The characteristic feature thereof resides in a point of providing an issuance side processor (34) for issuing the original group information GR including the name of the group to which the related user belongs when there is a remote processing request and, at the same time, adding the issuance side processed value obtained by processing the information of this original group information GR by a cryptographic function (hash function) to this original group information GR to obtain the group certificate GC.

On the other hand, the latter (12) is a group certificate verification unit similarly comprising a system of distributed group management for indirectly authenticating the membership of a user U to a group for security management with respect to the client 2 on the user side and the server 1 for executing the remote processing request from the user side under predetermined authorization assigned for every group. The characteristic feature thereof resides in the point that a verification side processor (16) for processing the information included in the group certificate GC received from the client 2 side by a cryptographic function (hash function) to generate a verification side processed value is included on the server 1 side. The authentication is carried out by confirming that the issuance side processed value included in the received group certificate GC and the above verification side processed value coincide.

Referring to FIG. 3 and FIG. 4, the server 1 and a plurality of clients 2 (only one is shown for simplification) are connected by the network 4. The server 1 has the authentication function unit 11, group certificate verification unit 12, group secret information storage means 13, group certificate storing unit 14, and the group-authorization mapping storage means 15.

The group certificate issuing apparatus 3 is connected to 
the network 4 and has a group certificate issuing unit 31, 
user-group mapping storage means 32, and group secret 
information storage means 33. 

The group certificate issuing apparatus 3 and the server 1 share a part of a name space for the names of groups and hold values corresponding to each other as the secret information of the groups assigned to the names of groups shared in this way in the group secret information storage means 33 of the group certificate issuing apparatus 3 and the group secret information storage means 13 of the server 1. Also, it is assumed that the group certificate issuing apparatus 3 and the server 1 have unillustrated clock functions and that the two are synchronized completely or within a small range of
using the first embodiment to the seventh embodiment explained later become similar to that shown in FIG. 5 and FIG. 6.

In FIG. 5 and FIG. 6, computer systems of an organization
A and an organization B are connected by the network 4, the 
group certificate issuing apparatus 3 is managed by the 
organization A, and the server (server name is described as 
"server X") 1 is managed by the organization B. 

The server 1 is provided with a user password storage 
means 17, a user-authorization mapping storage means 18, 
and a user-group mapping storage means 19 for the users in 
its own organization B. The users of the organization B are 
registered in them. A user of the organization B transmits its 
user name and authentication information in the server 1 
from the client 5 in its own organization B via a line L3 and 
requests remote processing after receiving the authentica- 

Contrary to this, the user of the organization A is not registered in the storage means 17, 18, and 19 in the server 1, so asks the group certificate issuing apparatus 3 in its own organization A to issue the group certificate GC via a line L1 and transmits this to the server 1 via a line L2 to be able to request the remote processing.

Namely, a user of the organization B requests remote 
processing by the conventional method, while a user of the 
organization A can request remote processing by the group 
certificate GC even if each user information (user name, 
password, authorization, etc.) is not registered in the server 
1 of the organization B. 

FIG. 7 is a view of an example of the data structure in a password storage means 21.

This storage means 21 is provided in the group certificate issuing apparatus 3 shown in FIG. 5. The stored data is comprised of sets of user names in the related organization A, for example, user A, user B, . . . and passwords corresponding to the users, for example, password A, password B, . . . It is assumed that the password is shared between each user and the apparatus 3 in secret.

FIG. 8 is a view of an example of the data structure in the 
user-group mapping storage means 32. 

This storage means 32 is provided in the group certificate 
issuing apparatus 3 shown in FIG. 3 and FIG. 5. The stored 
data is comprised of sets of user names, for example user A, 
user B, . . . and group names assigned to the users, for 
example group 3, group 1, . . . 

The group certificate issuing apparatus 3 can centrally 
manage the distributed groups not only with one server X, 
but also with a not illustrated server other than the server X. 
Therefore, in this example, in the item of the user name, the 
set of the server name and the user name in its own 
organization A is described. Further, also for the name of the 
group, the server name is imparted in order to clarify in 
which server the group name is stored. 
FIG. 9 is 



At the time of a request for remote processing by the user 
U of the client 2 to the server 1, first the user U transmits the 
name of the server 1 to be connected (server name) and its 
user name and authentication information to the group certificate issuing 
apparatus 3 to request the issuance of the group certificate GC (this 
process is not illustrated as an arrow in FIG. 3). The group 
certificate issuing unit 31 in the group certificate issuing 
apparatus 3 receives this, uses the name of the group 
assigned to the user obtained by the user-group mapping 
storage means 32, the secret information assigned to the 
group obtained by the group secret information storage 
means 33, and valid term information calculated from the 
present time (the valid term being the period for which the 
assigned authorization of a group is used) as the original 
group information GR, processes these values (by the 
hash function, etc.) by a hash function unit 34 forming the 
issuance side processor, and thereby prepares the group 
certificate GC. Then, it returns this to the client 2. 

The client 2 receiving the group certificate GC transmits 
this via the network 4 to the server 1. At the server 1, the 
group certificate verification unit 12 verifies the legitimacy 
of the received group certificate GC by using the group 
secret information storage means 13 and the group certifi- 
cate storing unit 14. If it is legitimate, it stores the group 
certificate GC in the group certificate storing unit 14. The 
verification is carried out by the hash function unit 16 
forming the verification side processor, based on the result of 
the hash function processing. 

Upon the success of the verification, the authentication 
function unit 11 regards the authentication as complete, 
checks the group indicated in the group certificate GC in the 
group-authorization mapping storage means 15, and recog- 
nizes the authorization given to this group. The remote 
processing is executed within the range of this authorization. 
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:s a temporary password "temp". 



FIG. 10 is a view of an example of the data structure in 
the group secret information storage means 13. 

This storage means 13 is provided in the server (server X) 
shown in FIG. 4 and FIG. 6. The stored data is comprised of 
sets of the names of groups handled by the server (server X) 
itself and the secret information assigned to the groups. Each 
set is held in common with the group secret information 
storage means 33 in the group certificate issuing apparatus 
3 as explained above. 

Note that, as the names of the groups in the left column 
of the table of FIG. 10, the server name is given in the group 
certificate issuing apparatus 3, but in the server 1, it is 
self-evident that the server name to be given is its own name 
(server X here), so it is omitted. 

FIG. 11 is a view of an example of the data structure in 
the group-authorization mapping storage means 15. 

This storage means 15 is provided in the server (server X) 
1 shown in FIG. 4 and FIG. 6. The stored data is comprised 
of sets of the names of groups and the authorization assigned 
to the groups. In the example of the figure, the authorization 
is comprised of sets of the names of the remote processing 
object and the type of the processing content permitted for 
the processing objects. In this example, the processing 
object is the file name, and the processing content is "r" 
representing a read operation and "w" representing a write 
operation. Namely, "r" represents permission for a read 
operation, "w" represents permission for a write operation, 
and "-" represents no permission. 

Note that, permission or no permission of a read and write 
operation of a file is only one example of the remote 
processing authorization. The invention is not limited to this. 
As another example, there also exists permission or no 
permission of the use of a printer. Also, the invention is not 
limited to permission or no permission. The type of setting 
designating the mode of operation at the time of remote 
processing for every user and group is included in this 
remote processing authorization. 

Next, a detailed explanation will be given of the group 
certificate GC (FIG. 1, FIGS. 3 and 4, FIGS. 5 and 6, etc.) 
as one of the characteristic features to be noted in the present 
invention. 

FIG. 12 is a view of a concrete method of generation of 
the group certificate GC according to the first embodiment. 
In the following explanation, a case where the user U (user 
B) requests the issuance of the group certificate GC for the 
remote processing in the server 1 (server X) is assumed. 
Further, it is assumed that the group 1 is assigned to the user 
B. 

First, original group information GR comprised of three 
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referred to as a cryptographic hash 
function and has cryptographic and/or computational one- 
wayness (that is, it is easy to find y=H(x) from x, but it is 
very difficult to find x from y=H(x)) and a collision-free 
property (that is, for a given x, it is impossible or very difficult 
to find a value of z other than x resulting in H(x)=H(z)). As 
such a hash function, MD5, SHA1, etc. can be mentioned. 
The group certificate GC is obtained by combining the 
hash value, that is, the temporary password "temp", with the 
group name "group 1" and the valid term information 
"timestamp" the same as those of the original group infor- 
mation GR. The group certificate issuing apparatus 3 shown 
in FIG. 3 and FIG. 5 returns the group certificate GC to the 
user U (user B). 



"timestamp" and the secret information 
"secret 1" of a group are combined by a certain 
method (reproducible method on the reception 
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n reversible 5 
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!" here. 

Next, a temporary password "temp" is generated by 
applying a one-way cryptographic hash function H to the original 
group information GR. In the example of the figure, each 
value is expressed by a character string, the server name is 
imparted to the group name, and the valid term information 
is formed by arranging information of the date and the hour 
and minute of the time, but the invention is not limited 
to this. Also, the secret information is obtained from the 
group secret information storage means 33. 



As explained above, in the group certificate issuing appa- 
ratus 3 according to the first embodiment, the issuance side 
processor (hash function unit 34) centrally processes at least 
the group name and the secret information unique to that 
group by the hash function H, regards the obtained issuance 
side processed value (hash value) as the temporary password 
"temp", and generates the group certificate GC from at least 
the group name and temporary password. 

FIG. 13 is a view of a concrete method of verification of 
the group certificate GC according to the first embodiment. 

The group certificate GC on the server 1 side is verified 
by confirming if the same result is obtained by the genera- 
tion of the group certificate GC from given information in 
the same way. Namely, the group name and the valid term 
information are fetched from the received group certificate 
GC, the secret information of the related group (group 1) 
acquired from the group secret information storage means 
13 in the server 1 is combined with this information, and 
the hash function H is applied to the whole in the same way 
as the client side. Then, the resultant reproduced temporary 
password "temp'" is compared with the temporary password 
"temp" included in the received group certificate GC in a 
comparison means 20 (formed in for example the verifica- 
tion unit 12 of FIG. 4). If the two are identical, it is seen that 
the group certificate GC is a legitimate one free from forgery 
or tampering on the network 4. This is because, if even part 
of the information in the group certificate has been altered, 
the two cannot become identical due to the nature of the hash 
function H explained above. Tampering resulting in an 
identical temporary password is impossible or very difficult 
due to the nature of the hash function H. 

As explained above, in the group certificate verification 
unit 12 according to the first embodiment, the verification 
side processor (hash function unit 16) centrally processes at 
least the group name and the secret information unique to 
that group included in the group certificate GC received 
on the verification side by the hash function H to reproduce 
the temporary password "temp", and the verification unit 12 
confirms that the reproduced temporary password coincides 
with the temporary password "temp" in the received group 
certificate GC. 

The system of distributed group management 10 according to the first 
embodiment performs the processing illustrated in the 
following FIG. 14 to FIG. 16. 

FIGS. 14 and 15 are parts of a view of the flow of the overall 
processing according to the first embodiment. 

The flow of the processing of these figures will be 
explained by referring to FIG. 5 and FIG. 6. 
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i.e., the user name "user B", the server name "server X" to 
which it wants to request the remote processing, and the 
password "password B" to the group certificate issuing 
apparatus 3. 

The group certificate issuing apparatus 3 first checks the 
password by an authentication function unit 22 to authenti- 
cate the user U, then checks the received server name "server 
X" and user name "user B" at the user-group mapping 
storage means 32 and acquires the group name "group 1" 



Next, the group certificate GC is generated from the group 
name "group B", valid term information "timestamp", and 
the secret information by the above method. Note that the 
method of determining the valid term is not particularly 
determined in the present invention, but there are shortcom- 
ings when the term is both long and short, so it is suitably 
determined. The group certificate generated in this way is 
returned to the user. The above processing will be referred 
to as a "group certificate acquirement phase". 

This group certificate GC may be transmitted to the server 
1 for requesting remote processing by the client 2 to the 
server 1. At the server 1 receiving this group certificate GC, 
first the group certificate verification unit 12 verifies the 
received group certificate. The detailed method of verifica- 
tion will be explained in FIG. 16, but when it is decided that 
the group certificate is correct as a result of the verification, 
the group name included in the group certificate GC is 
regarded as correct, and the group name is used for obtaining 
the corresponding authorization from the group-authoriza- 
tion mapping storage means 15. The above processing is 
referred to as the "log-in phase". The desired remote pro- 
cessing is executed after that. 

FIG. 16 is a view of the flow of operation of the group 
certificate verification unit 12 according to the first embodi- 
ment. First, the group certificate storing unit 14 successively 
storing received group certificates GC is searched through to 
investigate if there is a group certificate having the same 
temporary password "temp" as that of the group certificate 
GC currently received among the group certificates GC with 
the unterminated valid terms (step S11). 

If there is such a certificate, the received group certificate 
GC was illegitimately doubly used, so the related remote 
processing request is rejected (steps S12 and S17). If there 
is not such a certificate, the received group certificate GC is 
added to the group certificate storing unit 14 (steps S12 and 
S13). 

Next, the received group certificate GC is verified. If it is 
correct (steps S14 and S15), it is notified to the authentica- 
tion function unit 11 that it passed the verification (step S16). 
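The generation of FIG. 12, the verification of FIG. 13 and the double-use check of FIG. 16 above, as an added Python example; this is not code from the patent. The choice of SHA-256 for H, the "|" field separator, the timestamp format, the contents of the sample tables, the password check and the result strings are this example's assumptions.

```python
"""Added example (not the patent's code): group certificate GC issuance and
verification of the first embodiment, including the double-use check of FIG. 16.
Hash function, field separator, timestamp format and table contents are assumptions."""
import hashlib
from datetime import datetime, timedelta, timezone

# Constructed sample tables in the style of FIG. 7, FIG. 8, FIG. 10 and FIG. 11.
USER_PASSWORD = {"user B": "password B"}                    # password storage means 21
USER_GROUP = {("server X", "user B"): "group 1"}            # user-group mapping storage means 32
GROUP_SECRET = {"group 1": "secret 1"}                      # group secret information storage means 13/33
GROUP_AUTH = {"group 1": {"file A": "rw", "file B": "r-"}}  # group-authorization mapping storage means 15
TIME_FORMAT = "%Y%m%d%H%M"   # valid term written as date plus hour and minute (assumption)
SAMPLE_NOW = datetime(2024, 1, 1, 12, 0, tzinfo=timezone.utc)   # constructed clock value
SAMPLE_LATER = SAMPLE_NOW + timedelta(minutes=20)               # clock after the valid term ended


def H(data: str) -> str:
    """Cryptographic hash function H. SHA-256 is this example's choice; the
    patent names MD5 and SHA1 only as examples of H."""
    return hashlib.sha256(data.encode()).hexdigest()


def temp_password(group: str, timestamp: str, secret: str) -> str:
    """Hash function unit 34 (issuance) / 16 (verification):
    temp = H(group name, valid term, group secret).  The '|' separator is an
    assumption that keeps the three fields from running into each other."""
    return H("|".join((group, timestamp, secret)))


def issue_group_certificate(server, user, password, now, valid_minutes=10):
    """Group certificate issuing apparatus 3 (FIG. 12).  Authenticates the user
    (authentication function unit 22), looks up the group, and returns
    GC = (group, timestamp, temp), or None when the password is wrong."""
    if USER_PASSWORD.get(user) != password:
        return None
    group = USER_GROUP[(server, user)]
    timestamp = (now + timedelta(minutes=valid_minutes)).strftime(TIME_FORMAT)
    return {"group": group, "timestamp": timestamp,
            "temp": temp_password(group, timestamp, GROUP_SECRET[group])}


class GroupCertificateVerifier:
    """Group certificate verification unit 12 with storing unit 14 (FIG. 13, FIG. 16)."""

    def __init__(self, secrets, now):
        self.secrets = secrets
        self.now = now
        self.storing_unit = []   # received GCs whose valid term has not ended

    def verify(self, gc):
        now_str = self.now.strftime(TIME_FORMAT)
        # Only certificates with unterminated valid terms take part in the search.
        self.storing_unit = [g for g in self.storing_unit if g["timestamp"] >= now_str]
        if gc["timestamp"] < now_str:
            return "rejected: valid term ended"
        # Steps S11/S12/S17: a stored GC with the same temp means double use.
        if any(g["temp"] == gc["temp"] for g in self.storing_unit):
            return "rejected: double use"
        self.storing_unit.append(dict(gc))   # step S13
        # Step S14: reproduce temp' from group name, timestamp and group secret.
        secret = self.secrets.get(gc["group"])
        if secret is None or temp_password(gc["group"], gc["timestamp"], secret) != gc["temp"]:
            return "rejected: verification failed"
        return "ok"   # steps S15/S16: notify authentication function unit 11


def log_in(verifier, gc):
    """Log-in phase: authentication function unit 11 trusts the group name only
    after verification and returns that group's authorization, else None."""
    if verifier.verify(gc) != "ok":
        return None
    return GROUP_AUTH.get(gc["group"])


if __name__ == "__main__":
    gc = issue_group_certificate("server X", "user B", "password B", SAMPLE_NOW)
    server = GroupCertificateVerifier(GROUP_SECRET, SAMPLE_NOW)
    print(log_in(server, gc))    # authorization of group 1
    print(server.verify(gc))     # second use of the same GC is rejected
```

The storing unit is filled at step S13 before the hash check at step S14, following the flow of FIG. 16, so a certificate that fails verification still occupies the storing unit until its valid term ends; checking the hash first would keep forged values out of the store.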

Note that, in this first embodiment, the authentication 
between the group certificate issuing apparatus 3 and the 
user is carried out by a password, but the method of 
authentication is not limited to this. If there is no possibility 
of illegitimacy between the group certificate issuing appa- 
ratus 3 and the user, the authentication need not be carried 
out. Alternatively, it is also possible to utilize another 
reliable method other than a password, for example utilize a 
physical characteristic or utilize a host address of the client. 
On the other hand, if the path (line L1) between the group 
certificate issuing apparatus 3 and the user is not safe and 
there is a possibility of eavesdropping or tampering, it is 
possible to make the two share an encryption key in the same 
way as in Kerberos and combine authentication and 
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As explained above, according to the first embodiment, by 
applying the hash function H, the group certificate GC is 
generated and verified. The processing of this hash function 
H is performed at a high speed, i.e., at least several times 
faster than the relatively high speed processing of conven- 
tional encryption by a shared key. Therefore, there is the 
effect of contribution to faster issuance and verification of 
the group certificate. 

[Second Embodiment] 

FIGS. 17 and 18 are parts of a view of a second embodi- 
ment according to the present invention. 

The group certificate issuing apparatus 3 in this second 
embodiment cooperates with a hash function unit 41 pro- 
vided in the client 2. This hash function unit 41 processes the 
temporary password "temp" explained above by the hash 
function H m number of times. The obtained issuance side 
processed value (hash value) is used as a one-time password. 
A log-in request GC' comprised of at least the group name 
and the one-time password is generated by the client 2 in 
place of the group certificate GC explained above. 

In the group certificate verification unit 12 in the second 
embodiment, the hash function unit 16 serving as the veri- 
fication side processor processes the temporary password 
"temp" by the hash function H m number of times to 
reproduce the verification side processed value (hash value) 
as a one-time password and confirms that the one-time 
password extracted from the log-in request GC' including 
the one-time password similarly generated on the client 2 
side and the reproduced one-time password coincide for the 
authentication. 

In the system of distributed group management 10 of the 
first embodiment explained above, the group certificate GC 
was transmitted from the client 2 to the server 1, but the 
group certificate GC is not concealed at this time. Therefore, 
if this is leaked due to viewing or the like, a third 
party can transmit the group certificate GC to the server 1. 
At this time, the server 1 cannot distinguish if the transmit- 
ting side of the group certificate GC is the correct user or a 
third party. Such an attack will be referred to as a replay 
attack. In order to prevent this replay attack, in the system 
of distributed group management 10 of the first embodi- 
ment, the group certificate is held in the group certificate 
storing unit 14 to prevent double use. 

However, measures against such double use are predi- 
cated on transmission of the group certificate GC to the 
server 1 by a legitimate user earlier than a third party. If a 
third party has transmitted the group certificate GC to the 
server 1 before the correct user transmits the group certifi- 
cate GC due to some sort of reason, the server 1 regards the 
third party as correct and rejects requests for remote pro- 
cessing from the legitimate user transmitting a group cer- 

Also, since double use is rejected, one group certificate 
GC can be used only one time. For this reason, while there 
is no problem in establishing a session by one authentication 
and then treating the subsequent series of remote processing 
using the concept of a session, when remote processing is 
authenticated again and a group certificate is required for 
every remote processing request, it becomes necessary to acquire a 
group certificate GC every time a remote processing request 
occurs, so the efficiency is poor. 

Referring to FIG. 17 and FIG. 18 again, in the system of 
distributed group management 10 of the first embodiment, 
as explained above, the group certificate GC was transmitted 

ment, this group certificate GC is replaced by the log-in 
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In the server 1, the group certificate (log-in request) 
verification unit 12 verifies the legitimacy of the received 
log-in request GC' by applying the hash function H by 
exactly the same number of times as the number of times at 
the client 2 by using the group secret information storage 
means 13 and the group certificate (log-in request) storing 
unit 14. When it is legitimate, the log-in request GC' and the 
number of times of application of the hash function are 
stored in the group certificate storing unit 14. The 
authentication function unit 11 deems the authentication 
complete with the success of this verification, acquires the 
authorization corresponding to the group, and uses the same 
for the execution of the remote processing requested from 
the user of the client 2. 

The number of times (m) of application of the hash 
function H relating to the log-in request GC' is decremented 
by a predetermined number (for example 1) at each of the 
client 2 and the server 1 by the same manner as the technique 
of the usual one-time password, that is, first starting from a 
predetermined fixed number of times and then each time 
preparing or verifying a log-in request utilizing the same 
group certificate. 

FIG. 19 is a view of a concrete method of generation of 
the modified group certificate (log-in request) GC'. 

The modified group certificate (log-in request) GC' is 
formed by generating the one-time password with the tem- 
porary password "temp" in the group certificate GC as a 
seed. In this second embodiment, the log-in request is 
realized by applying the cryptographic hash function H a 
plurality of times (m) and decrementing the number of times 
m by one from the predetermined value n whenever the same 
group certificate GC is used. Namely, defining the number of 
times up to the current usage of the group certificate GC as 
k, the hash function H is applied to the temporary password 
"temp" (n-k) number of times. Then, the result is switched 
with the original temporary password and used as the 
one-time password. This becomes the log-in request GC'. 
When k=n is reached, the number of times by which the 
group certificate GC can be used ends, and it is necessary to 
ask the issuing apparatus 3 to newly issue the group certifi- 



cryptographic hash function H. 

The client 2 receiving the group certificate GC from the 
group certificate issuing apparatus 3 fetches the 
temporary password "temp" from the content of the group 
certificate GC at the remote processing request to the server 
1, applies the hash function H a plurality of times (m) to this 
temporary password, and then replaces this by the original temporary 
password and uses this replaced value as the modified group 
certificate, that is, the log-in request GC'. Then, the client 2 

value which the one-time password "temp'" should be in the 
log-in request GC' at the comparison means 20. If the two 
are equal, it is seen that the received log-in request GC' is a 

FIG. 21 is a view of an example of the data held in the 
modified group certificate (log-in request) storing unit 14. 

According to the first embodiment, it was sufficient to 
store the received group certificates GC in the storing unit 14 
(FIG. 4, FIG. 6) as they were, but in the second embodiment 
it is necessary to store the value of k of the number of times 
of use of the group certificate GC, that is, the 
number of times of application of the hash function H. In this 
example, the value of k when the log-in request GC' is used 
last is held. Note that each entry expires after a certain period 
of time. 

FIGS. 22 and 23 are parts of a view of the flow of the 
overall processing according to the second embodiment. 

The flow of the processing of these figures will be 
explained by referring to FIG. 22 and FIG. 23. 

The "group certificate acquirement phase" shown in FIG. 
22 is the process until the client 2 acquires the issued group 
certificate. It is the same as the first embodiment, so the 
explanation is omitted. 



The "log-in phase" shown in FIG. 23 is the processing for 
requesting remote processing. Note that, in this example, a 
hash function H the same as that of the first embodiment is 
used, but it is not necessary to use the same one. 

FIG. 20 is a view of a concrete method of verification of 
the modified group certificate (log-in request) GC' according to the 
second embodiment. 

In the same way as the first embodiment, after the 
temporary password "temp" is calculated, the hash function 
H is applied to the temporary password "temp" (n-k) 
times, and then the result is compared with the one-time 
password in the received log-in request GC'. 



The server 1 first verifies the received log-in request GC' 
at the modified group certificate (log-in request) verification 
unit 12. If this log-in request GC' is legitimate, it regards the 
group name in the log-in request GC' as legitimate in the 
same way as the first embodiment and acquires the autho- 
rization given to the related group (refer to "log-in phase"). 

FIGS. 24 and 25 are parts of a view of the flow of 
operation of the modified group certificate (log-in request) 
verification unit 12. 

In FIG. 24, first the modified group certificate (log-in 
request) storing unit 14 is searched through to confirm if 
there is any log-in request having the same group name and 
the same valid term information as those of the received 
log-in request GC' among the log-in requests GC' having 
unterminated valid terms (step S21). If there is no such 
request, it is regarded that the group certificate was used first 
and k is made equal to 0. If there is such a request, the value 
of the k of that item is fetched and is incremented by exactly 
1 (steps S22, S23, and S24). 

Next, by using this k, as shown in FIG. 20, the received 
log-in request GC' is verified (step S25). When "temp" and 
"temp'" coincide, it is regarded that the log-in request GC' is 
legitimate (steps S26 and S27). At this time, the previously 
found item in the verification unit 12 is replaced by the 
received new log-in request GC' and the just used value of 
k incremented by exactly 1. Further, the content thereof is 
stored in the storing unit 14 (step S29). 
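The log-in request GC' of FIG. 19, the k counter of FIG. 21 and the verification flow of FIG. 24 and FIG. 25 above, as an added Python example; this is not code from the patent. The choice of SHA-256 for H, the "|" separator, the value n = 5, the dictionary layout of the storing unit and the sample certificate are this example's assumptions.

```python
"""Added example (not the patent's code): one-time password log-in requests GC'
of the second embodiment (FIG. 19 to FIG. 21, FIG. 24 and FIG. 25).
Hash function, field separator, the value of n and the sample values are assumptions."""
import hashlib

N = 5   # predetermined number n of uses per group certificate (assumption)


def H(data: str) -> str:
    """Cryptographic hash function H (SHA-256 chosen here)."""
    return hashlib.sha256(data.encode()).hexdigest()


def temp_password(group: str, timestamp: str, secret: str) -> str:
    """temp = H(group name, valid term, group secret), as in the first embodiment."""
    return H("|".join((group, timestamp, secret)))


def apply_H(value: str, times: int) -> str:
    """Apply H `times` times in succession: H(H(...H(value)...))."""
    for _ in range(times):
        value = H(value)
    return value


# Constructed group certificate GC as the issuing apparatus 3 would return it.
SAMPLE_GC = {"group": "group 1", "timestamp": "202401011210",
             "temp": temp_password("group 1", "202401011210", "secret 1")}


class Client:
    """Client 2 with hash function unit 41 (FIG. 19)."""

    def __init__(self, gc):
        self.gc = gc
        self.k = 0   # number of times this GC has been used so far

    def login_request(self):
        """Replace temp by the one-time password H^(n-k)(temp); None once k = n."""
        if self.k >= N:
            return None   # the GC is used up; ask apparatus 3 for a new one
        otp = apply_H(self.gc["temp"], N - self.k)
        self.k += 1
        return {"group": self.gc["group"], "timestamp": self.gc["timestamp"], "otp": otp}


class Server:
    """Server 1: verification unit 12 with storing unit 14 holding k per GC (FIG. 21)."""

    def __init__(self, secrets):
        self.secrets = secrets
        self.storing_unit = {}   # (group, timestamp) -> k of the last accepted request

    def verify(self, req, now_str):
        if req["timestamp"] < now_str:
            return False   # valid term ended
        key = (req["group"], req["timestamp"])
        # Steps S21 to S24: first use gives k = 0, otherwise the last k plus 1.
        k = self.storing_unit[key] + 1 if key in self.storing_unit else 0
        if k >= N:
            return False
        secret = self.secrets.get(req["group"])
        if secret is None:
            return False
        # FIG. 20 / step S25: reproduce temp from the group secret, apply H (n-k) times.
        expected = apply_H(temp_password(req["group"], req["timestamp"], secret), N - k)
        if expected != req["otp"]:
            return False   # steps S26/S28: replayed or forged request
        self.storing_unit[key] = k   # step S29
        return True
```

Each accepted request moves the server's k forward, so a captured request carries a value the server no longer expects, and the next expected value is a preimage of the captured one, which the one-wayness of H makes infeasible to compute.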

As explained above, in the second embodiment, even if 
the log-in request GC' is leaked to a third party due to for 
example eavesdropping of the communication between the 
client 2 and the server 1, the temporary password "temp" per 
se is not leaked. Also, due to the nature of the cryptographic 
hash function H, it is also impossible to predict and calculate 
the next log-in request from a currently leaked log-in 
request. Accordingly, the server 1 will not accept a third 
party pretending itself as the legitimate user so long as the 
server 1 does not accept the same log-in request. Therefore, 
it has become possible for a legitimate user to form a plurality 
of log-in requests GC' from one group certificate GC and 
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while avoiding the risk of replay attack, therefore, even in 
a case where a plurality of remote processing requests each require 
authentication, a single issuance of the group certificate is 
sufficient. Therefore there is the effect that the processing 
efficiency greatly rises. 

[Third Embodiment] 

FIGS. 26 and 27 are parts of a view of a third embodiment 
according to the present invention. 

The group certificate issuing apparatus 3 in this third 
embodiment cooperates with a unique ID generation means 
42 provided in the client 2. This unique ID generation means 
42 generates an authentication ID "auth_id" for mutual 
authentication between the client 2 and the server 1, includes 
this authentication ID in the group certificate GC, and 



Also, in the group certificate verification unit 12 in the 
third embodiment, for the mutual authentication between the 
client 2 and the server 1, the authentication ID "auth_id" 
transmitted included in the group certificate GC is received 
from the client 2 and predetermined processing is applied to 
this to generate the server reply "rep". This server reply is 
returned to the client 2. This returned server reply is com- 
pared with the server reply "rep'" expected in the client 2 by 
using the same processing as the predetermined processing. 
When the two coincide, the client 2 can authenticate the 

Furthermore, the group certificate issuing apparatus 3 in 
the third embodiment receives the group certificate GC 
including the transmitted authentication ID "auth_id" at the 
server, applies predetermined processing to this, and returns 
the thus obtained server reply "rep" to the client 2. The 
server reply "rep"' expected at the client 2 by using the same 
processing as the predetermined processing and the returned 
server reply "rep" are compared. When the two coincide, the 
client 2 authenticates the related server. 

In the systems of distributed group management 10 of the 
embodiments explained above, the server 1 authenticated 
the user U of the client 2, but the client 2 did not conversely 
authenticate the server 1. Namely, there was no means for 
confirming from the client 2 if the server 1 requested by the 
client 2 to do the remote processing was the real server 
which knew the secret information (secret 1, secret 2, . . . ) 
of the group corresponding to the group name. 

For this reason, it was impossible to prevent a false server 
from accepting a request from a client 2 on the pretext of 
being the real server, so there was a disadvantage in security. 

Referring to FIG. 26 and FIG. 27 again, in the third 
embodiment, in addition to the components of the embodi- 

The client 2 receiving the group certificate GC from the 
group certificate issuing apparatus 3 generates an authenti- 
cation ID "auth_id" having uniqueness both in terms 
of generation and of a generated value which cannot be 
expected by the unique ID generation means 42 at the time 
of a remote processing request to the server 1. Then, the 
client 2 transmits this authentication ID together with the group name 
and the valid term information "timestamp" in the group 
certificate GC to the server 1. 

The server 1 receiving them reproduces the value of the 
temporary password "temp" from them and the secret information 
of the group, generates the server reply "rep" from it and the 
authentication ID, and returns the gener- 
ated reply "rep" to the client 2. 

The client 2 processes the value of the server reply 
expected from the temporary password "temp" it holds and the 
authentication ID and compares the two so as to confirm the 
value is equal to the server reply "rep" returned from the 
server 1. If they are equal, the client 2 regards that the 
authentication of the server succeeded, and transmits the tem- 
porary password "temp" or log-in request GC' to the server 
1 in the same way as the already explained embodiments 
thereafter. 

FIG. 28 is a view of a concrete method of generation of 
the server reply "rep". 

The server 1 fetches the group name and the valid term 
information from the group certificate GC (the uppermost 
stage in the figure) received from the client 2, adds the secret 
information of the related group (defined as the secret 1) to 
them, and applies the hash function H to reproduce the 
temporary password "temp" (middle stage in the figure). 
Further, it adds the authentication ID "auth_id" fetched 
from the group certificate GC to the temporary password 
"temp" and applies the hash function H again. The value 
obtained here becomes the server reply "rep". 

FIG. 29 is a view of a concrete method of verification of 
the server reply on the client side. 

In the client 2, the temporary password "temp" is fetched 
from among the information of the held group certificates 
GC, the held authentication ID "auth_id" explained above is 
added to this, and the hash function H is applied in the same 
way as the server side. By this, the expected server reply 
"rep'" is obtained. 

The client 2 compares the expected server reply "rep'" and 
the server reply "rep" of FIG. 26 returned from the server 1 
at its own comparison means 43. When the two are equal, it 
can determine the related server is the correct server 1. 
FIGS. 30 and 31 are parts of a view of the flow of the 
overall processing according to the third embodiment. 

In order to request remote processing to the server 1, the 
client 2 first generates the authentication ID "auth_id" by the 
unique ID generation means 42 and transmits three pieces of 
information, that is, the group name, valid term information, 
and the authentication ID, to the server 1. The server 1 
generates the server reply "rep" by the method shown in 
FIG. 28 explained above and returns this "rep" to the client 
2. The client 2 verifies this by the method shown in FIG. 29 
explained above. If the result of the verification is correct, 
thereafter, the group certificate GC or the log-in request GC' 
is transmitted to the server 1 in the same way as the already 
explained embodiments. 

Note that, the authentication ID "auth_id" must be unique 
to an extent that prediction of the next value is impossible to 
compute and there is a very small probability of a value 
accidentally matching. Simple random numbers are also 
possible, but in order to avoid accidental loss of the unique- 
ness, it is further preferred if a value which varies every time 
like a serial number is combined with the random numbers. 
This is because the next value can be predicted by just the 
serial numbers. 
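The server reply of FIG. 28, the client-side check of FIG. 29 and the log-in phase of FIG. 30 and FIG. 31 above, as an added Python example; this is not code from the patent. The choice of SHA-256 for H, the "|" separators, the serial-number-plus-random format of "auth_id" and the sample certificate are this example's assumptions.

```python
"""Added example (not the patent's code): mutual authentication of the third
embodiment (FIG. 28 to FIG. 31).  Hash function, separators, the auth_id format
and the sample values are assumptions."""
import hashlib
import hmac
import itertools
import os


def H(data: str) -> str:
    """Cryptographic hash function H (SHA-256 chosen here)."""
    return hashlib.sha256(data.encode()).hexdigest()


def temp_password(group: str, timestamp: str, secret: str) -> str:
    """temp = H(group name, valid term, group secret), as in the first embodiment."""
    return H("|".join((group, timestamp, secret)))


# Constructed group certificate GC held by the client 2.
SAMPLE_GC = {"group": "group 1", "timestamp": "202401011210",
             "temp": temp_password("group 1", "202401011210", "secret 1")}


class UniqueIdGenerator:
    """Unique ID generation means 42: a serial number (never repeats) combined
    with random bytes (next value not predictable), as the text recommends."""

    def __init__(self):
        self._serial = itertools.count(1)

    def next_id(self) -> str:
        return f"{next(self._serial):08d}-{os.urandom(16).hex()}"


class Server:
    """Server 1 holding the group secret information storage means 13."""

    def __init__(self, secrets):
        self.secrets = secrets

    def reply(self, group, timestamp, auth_id):
        """FIG. 28: reproduce temp from the group secret, then rep = H(temp, auth_id).
        A server without the secret cannot produce a matching value."""
        secret = self.secrets.get(group)
        if secret is None:
            return None
        temp = temp_password(group, timestamp, secret)
        return H(temp + "|" + auth_id)


def expected_reply(gc, auth_id):
    """FIG. 29: the client computes rep' from the temp held in its GC."""
    return H(gc["temp"] + "|" + auth_id)


def client_authenticates_server(gc, server, generator):
    """Log-in phase of FIG. 30/31 up to the server check: send (group, timestamp,
    auth_id), receive rep, compare with rep' in comparison means 43."""
    auth_id = generator.next_id()
    rep = server.reply(gc["group"], gc["timestamp"], auth_id)
    return rep is not None and hmac.compare_digest(rep, expected_reply(gc, auth_id))
```

Only after this check returns True would the client send "temp" or a log-in request GC', so a server that cannot reproduce temp never learns either.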

As explained above, in the third embodiment, the client 2 
transmits an authentication ID "auth_id" different every time 
to the server 1. The server 1 gener the server reply "rep" 
from the authentication ID and the secret information of the 
group and returns it to the client 2. The client 2 verifies the 
server reply "rep". Accordingly, a false server which does 
not know the secret information of the group cannot gener- 
ate the server reply "rep" corresponding to the authenti- 
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cation ID, so it becomes possible for the client to authenticate the server. By 
this, the request of remote processing to a false server is 
prevented, so there is an effect that the security is improved. 

[Fourth Embodiment] 

FIGS. 32 and 33 are parts of a view of a fourth embodiment 
according to the present invention. 

The group certificate issuing apparatus 3 in this fourth 
embodiment cooperates with an encryption processing unit 
46 provided in the client 2. This encryption processing unit 
46 operates so as to establish the encryption session from the 
client 2 to the server 1 with the temporary password "temp" 
as the encryption key. 

Also, the group certificate verification unit 12 in the fourth 
embodiment cooperates with an encryption processing unit 
45 provided in the server 1. This encryption processing unit 
45 operates so as to establish the encryption session from the 
server 1 to the client 2 with the temporary password "temp" 
as the encryption key. 

In the systems of distributed group management 10 of the 
first and second embodiments explained above, the server 1 
authenticates the user U of the client 2, but the client 2 does 
not conversely authenticate the server. 

For this reason, in the already explained first and second 
embodiments, there is the disadvantage in security as 
explained in the third embodiment. 

Referring to FIG. 32 and FIG. 33 again, in this fourth embodiment, in addition to the components of the first and second embodiments explained above, the encryption processing units 45 and 46 are provided so that the server 1 and the client 2 can perform encryption and/or decryption based on the same encryption algorithm.

The client 2 receiving the group certificate GC from the group certificate issuing apparatus 3 transmits the group name and the valid term information to the server 1 at the time of a remote processing request to the server 1. The server 1 receiving them generates the group certificate GC from these two values and the secret information of the group. Thereafter, communication relating to the remote processing request is encrypted with the value of the temporary password "temp" in the group certificate as the encryption key, the communication is transmitted to each other, and decryption is carried out when it is received.

FIG. 34 is a view of the flow of the overall processing according to the fourth embodiment. Note, the "group certificate acquirement phase" is similar to that explained above, so only the "log-in phase" is shown.

In the fourth embodiment, in the same way as the first and second embodiments, after receiving the issuance of the group certificate GC, the client 2 transmits the group name and the valid term information "timestamp", and the server 1 processes the temporary password "temp" from them and the secret information of the group. By this, the value of the temporary password is shared between the server 1 and the client 2. Therefore, thereafter, the encrypted communication is carried out with this value as the encryption key. By this, even without the explicit authentication as in the case of the third embodiment, the communication content can be sent only with respect to the correct opposing party. In the example of the flow of the processing of the log-in phase of FIG. 34, the session ID "session_id" is transmitted from the client 2. This is added where a plurality of users U or clients 2 are connected to the same server in order to discriminate them on the server side. Accordingly, this is not always necessary for the principle of the fourth embodiment. The session ID "session_id" may be explicitly generated at the client 2 and transmitted. Alternatively, use may be made of a value obtained from the communicating means, for example, the host address or port number of the client.

As explained above, in the fourth embodiment, the client 2 obtains the temporary password "temp" from the issued group certificate GC, and the server 1 obtains the temporary password "temp" from the three pieces of information of the group name and the valid term information received from the client 2 and the secret information of the group held by itself, so the two can share "temp" in secret.

By using this temporary password "temp" for encryption of the following communication, only the above two units (except the group certificate issuing apparatus 3) can decrypt this encrypted communication. Therefore, even if the authentication is not explicitly carried out, the communication content is transferred to only the correct opposing party, as if the mutual authentication were carried out. By this, the request of remote processing to a false server is prevented, so there is the effect that the safety rises.
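The log-in phase of the fourth embodiment, as an added example that is not part of the patent's own text: the issuing apparatus computes temp = H(group name || valid term || group secret), the client keeps temp from its GC, and the server recomputes temp from the two values it receives plus its own copy of the secret. SHA-256 stands in for H, an HMAC-based encrypt-then-MAC construction stands in for the unspecified encryption processing units 45 and 46, and the group secret, group name and valid term are constructed values. A false server holding no secret (or a wrong one) derives a different key and cannot open the client's traffic; the tag check also rejects a tampered message, which plain encryption alone would not.

```python
import hashlib
import hmac
import os
from typing import Dict, Optional, Tuple

# Constructed value: the group secret held only by the issuing apparatus 3
# and the server 1 (provisioned out of band in a real deployment).
GROUP_SECRETS: Dict[str, bytes] = {"group 1": b"constructed secret of group 1"}


def make_temp(group_name: str, valid_term: str, secret: bytes) -> bytes:
    """H(group name || valid term || group secret) -> temporary password 'temp'.
    SHA-256 stands in for the hash function H of the text."""
    data = group_name.encode() + b"\x00" + valid_term.encode() + b"\x00" + secret
    return hashlib.sha256(data).digest()


def issue_group_certificate(group_name: str, valid_term: str) -> dict:
    """Group certificate issuing apparatus 3: GC = (group name, valid term, temp)."""
    temp = make_temp(group_name, valid_term, GROUP_SECRETS[group_name])
    return {"group": group_name, "valid_term": valid_term, "temp": temp}


def server_derive_temp(group_name: str, valid_term: str,
                       server_secrets: Dict[str, bytes]) -> Optional[bytes]:
    """Server 1, log-in phase: only (group name, valid term) arrive on the wire;
    temp is recomputed with the server's own secret. No secret -> no key."""
    secret = server_secrets.get(group_name)
    if secret is None:
        return None
    return make_temp(group_name, valid_term, secret)


def _subkeys(temp: bytes) -> Tuple[bytes, bytes]:
    # Separate encryption and MAC keys derived from temp, rather than using
    # temp itself directly for both purposes.
    return (hmac.new(temp, b"enc", hashlib.sha256).digest(),
            hmac.new(temp, b"mac", hashlib.sha256).digest())


def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """Toy counter-mode keystream from HMAC-SHA256 (illustration only; a real
    session would use a vetted AEAD cipher)."""
    out, block = b"", 0
    while len(out) < length:
        out += hmac.new(key, nonce + block.to_bytes(8, "big"), hashlib.sha256).digest()
        block += 1
    return out[:length]


def seal(temp: bytes, plaintext: bytes) -> bytes:
    """Encrypt-then-MAC under keys derived from temp: nonce || ciphertext || tag."""
    enc_key, mac_key = _subkeys(temp)
    nonce = os.urandom(16)
    ct = bytes(p ^ k for p, k in zip(plaintext, _keystream(enc_key, nonce, len(plaintext))))
    tag = hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag


def open_sealed(temp: bytes, message: bytes) -> Optional[bytes]:
    """Check the tag first, then decrypt. Wrong key or tampering -> None."""
    if len(message) < 16 + 32:
        return None
    enc_key, mac_key = _subkeys(temp)
    nonce, ct, tag = message[:16], message[16:-32], message[-32:]
    expected = hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        return None
    return bytes(c ^ k for c, k in zip(ct, _keystream(enc_key, nonce, len(ct))))


def login_phase(gc: dict, server_secrets: Dict[str, bytes], request: bytes) -> Optional[bytes]:
    """One round trip: the client seals its remote processing request under the
    temp from its GC; the server recomputes temp and tries to open it.
    Returns what the server recovered, or None when it holds no usable secret."""
    sealed = seal(gc["temp"], request)  # client 2, encryption processing unit 46
    temp_server = server_derive_temp(gc["group"], gc["valid_term"], server_secrets)
    if temp_server is None:
        return None
    return open_sealed(temp_server, sealed)  # server 1, encryption processing unit 45


if __name__ == "__main__":
    gc = issue_group_certificate("group 1", "20031231")  # constructed valid term
    print(login_phase(gc, GROUP_SECRETS, b"read file A"))          # b'read file A'
    print(login_phase(gc, {"group 1": b"guess"}, b"read file A"))  # None
```

The server never receives temp itself, only the group name and valid term, so possession of the group secret is what distinguishes the genuine server 1 from a false one.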

[Fifth embodiment]

FIGS. 35 and 36 are parts of a view of a fifth embodiment 
according to the present invention. 

The group certificate issuing apparatus 3 in this fifth embodiment is provided with a log file 48 for recording a log of the session according to each remote processing request for each of the users U and supervises each user based on the log.

Also, the group certificate verification unit 12 in the fifth embodiment cooperates with a log file 47 provided in the server 1. This log file 47 records a log of the session according to each remote processing request for each of the users U and supervises each user based on this log.

Further, in the group certificate issuing apparatus 3 in the fifth embodiment, the temporary password "temp" for every session is included in the log so as to identify the sessions.

Also, the group certificate verification unit 12 of the fifth embodiment includes the temporary password "temp" for every session in the log to enable identification of the sessions.

In the server, who requests what operation and what was performed is sometimes recorded in the log. However, in the systems of distributed group management 10 of the embodiments explained above, the server 1 can determine on which group the request is based, but cannot determine which user actually transmitted the request. For this reason, there is a disadvantage that, in a special case where for example every user is charged for part of the processing or an important processing is violated, it cannot be determined from the log which users were involved in the processing.

In the system 10 of the fifth embodiment, in addition to the system of the first embodiment, the server 1 has a log file 47, and the group certificate issuing apparatus 3 has a log file 48.

The group certificate issuing unit 31 of the group certificate issuing apparatus 3 records information capable of uniquely identifying the user name and the group certificate (for example the temporary password "temp") as the log together with the other information usually recorded (for example the server name, issuance date, and the valid term information) in the log file 48 in the processing for issuance of the group certificate explained according to the first embodiment.

The authentication function unit 11 of the server 1 records, as the log, information capable of uniquely identifying the group name and the group certificate (the same as in the group certificate issuing apparatus 3, for example the temporary password "temp" thereof) together with other information usually recorded in the log file 47 when receiving the group certificate GC. Note that, the present embodiment was explained as an improvement of the system 10 of the first embodiment, but the same applies also with respect to the systems of the other embodiments.

Also, the above "information capable of uniquely identifying" is sufficient so far as it can be regarded as unique in terms of probability even if it is not completely unique in terms of information theory (absolutely).

FIG. 37 is a view of an example of the data in the log file 48 in the group certificate issuing apparatus 3 of the fifth embodiment, and FIG. 38 is a view of an example of the data in the log file 47 in the server 1 of the fifth embodiment.

As explained above, in the fifth embodiment, in addition to the above embodiments, the group certificate issuing apparatus 3 and the server 1 record the logs in the log files 48 and 47. By checking them, individual auditing of the users becomes possible.

Referring to FIG. 37, in order to specify the user and the group certificate GC issued to the user, it is sufficient so far as there are the user name and the temporary password "temp". In this example, other than them, the issuance date, server name, group name, and the valid term information (timestamp) of the issued group certificate GC are recorded in the log file 48.

Referring to FIG. 38, in the same way as the case of the log file 48 in the group certificate issuing apparatus 3, in addition to the temporary password "temp" for specifying the group certificate, a starting date and an ending date of the remote processing, host name of the client, group name, and the valid term information are recorded in the log file 47.

What events the server 1 records in the log file 47 and at what time and upon what opportunity it records them are not particularly limited in the present invention, but there can be mentioned for example a time when the group certificate is received, a time when the verification of the group certificate succeeds, a time when an important remote processing that requires charging is carried out, and a time when an important violation occurs in the execution of the security and the remote processing.

Note that, in these examples, the temporary password is expressed as a series of decimal digits, but the password can be recorded in the log files 47 and 48 in any format so far as it has a format that can uniquely identify the original password.

As explained above, in the fifth embodiment, the log including information capable of uniquely identifying the group certificate GC and the group name is recorded in the log file 47 on the server 1 side, while the log including information capable of uniquely identifying the group certificate GC and the user name is recorded in the log file 48 on the group certificate issuing apparatus 3 side. In other words, it is recorded in the log file 47 on the server 1 side what was requested and what was performed by using which group certificate, while, in the log file 48 on the group certificate issuing apparatus 3 side, which group certificate is issued to which user is recorded.

Accordingly, there is an effect such that it can be determined which user requested what at the server and performed what by checking the log files of the two, that is, the server 1 and the group certificate issuing apparatus 3.
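The auditing the fifth embodiment describes, as an added example that is not part of the patent's own text: two constructed log files in the layout of FIGS. 37 and 38 are joined on the certificate identifier to answer which user stood behind a server-side event. The field names, the sample records, and the choice to log a SHA-256 digest of temp instead of the decimal password are assumptions for this example (the text permits any format that uniquely identifies the original password; a digest avoids writing the fourth embodiment's encryption key to disk in clear). Two cases the sixth embodiment later addresses are also handled: a certificate the issuing apparatus never issued, and one identical certificate issued to two users, which the server log cannot attribute to a single user.

```python
import hashlib
from typing import Dict, List


def log_id(temp: bytes) -> str:
    """Value written to the logs in place of temp. Any uniquely identifying
    format is allowed by the text; a truncated digest is used here so the
    session key itself is not stored in either log file."""
    return hashlib.sha256(temp).hexdigest()[:16]


# Constructed temps for four certificates (normally the output of H).
TEMP_A, TEMP_B, TEMP_C, TEMP_D = (bytes([i]) * 32 for i in (1, 2, 3, 4))

# Log file 48 (issuing apparatus 3): which certificate was issued to which user.
ISSUER_LOG: List[dict] = [
    {"user": "user A", "temp_id": log_id(TEMP_A), "issued": "20031201",
     "server": "server X", "group": "group 1", "valid_term": "20031231"},
    {"user": "user B", "temp_id": log_id(TEMP_B), "issued": "20031201",
     "server": "server X", "group": "group 3", "valid_term": "20031231"},
    # The same certificate issued to two users (the overlap the sixth embodiment removes).
    {"user": "user C", "temp_id": log_id(TEMP_C), "issued": "20031202",
     "server": "server X", "group": "group 2", "valid_term": "20031231"},
    {"user": "user D", "temp_id": log_id(TEMP_C), "issued": "20031202",
     "server": "server X", "group": "group 2", "valid_term": "20031231"},
]

# Log file 47 (server 1): what was requested and performed with which certificate.
SERVER_LOG: List[dict] = [
    {"temp_id": log_id(TEMP_A), "start": "20031203", "end": "20031203",
     "client_host": "host1", "group": "group 1", "event": "read file A"},
    {"temp_id": log_id(TEMP_B), "start": "20031203", "end": "20031204",
     "client_host": "host2", "group": "group 3", "event": "write file B"},
    {"temp_id": log_id(TEMP_C), "start": "20031204", "end": "20031204",
     "client_host": "host3", "group": "group 2", "event": "charged processing"},
    {"temp_id": log_id(TEMP_D), "start": "20031205", "end": "20031205",
     "client_host": "host9", "group": "group 1", "event": "violation"},  # never issued
]


def index_issuer_log(issuer_log: List[dict]) -> Dict[str, List[str]]:
    """temp_id -> users it was issued to (more than one means the overlap case)."""
    idx: Dict[str, List[str]] = {}
    for rec in issuer_log:
        idx.setdefault(rec["temp_id"], []).append(rec["user"])
    return idx


def attribute_server_events(server_log: List[dict], issuer_log: List[dict]) -> List[dict]:
    """Join the two logs on the certificate identifier and label each server
    event with the user(s) it traces back to."""
    idx = index_issuer_log(issuer_log)
    result = []
    for rec in server_log:
        users = idx.get(rec["temp_id"], [])
        if not users:
            status = "unissued"   # apparatus 3 has no record of issuing this certificate
        elif len(users) > 1:
            status = "ambiguous"  # identical certificate issued to several users
        else:
            status = "ok"
        result.append({"event": rec["event"], "group": rec["group"],
                       "client_host": rec["client_host"], "users": users, "status": status})
    return result


def users_for_event(server_log: List[dict], issuer_log: List[dict], event: str) -> List[str]:
    """Which users could have been behind a given server-side event."""
    return sorted({u for a in attribute_server_events(server_log, issuer_log)
                   if a["event"] == event for u in a["users"]})


def unattributable(server_log: List[dict], issuer_log: List[dict]) -> List[str]:
    """Events that auditing cannot pin to exactly one user."""
    return [a["event"] for a in attribute_server_events(server_log, issuer_log)
            if a["status"] != "ok"]


if __name__ == "__main__":
    for a in attribute_server_events(SERVER_LOG, ISSUER_LOG):
        print(a["event"], a["status"], a["users"])
```

An "unissued" entry is worth alerting on separately: the server accepted a certificate for which the issuing apparatus holds no issuance record, which is exactly the situation the double-log design is meant to expose.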
[Sixth embodiment]

The group certificate issuing apparatus 3 in this sixth embodiment further includes a unique ID generation means 51. Further, the hash function unit 34 forming the issuance side processor adds the valid term information (timestamp) to the group name and the secret information unique to the group, applies the processing of the hash function H to this, regards the obtained issuance side processed value (hash value) as the temporary password (temp), and generates a group certificate GC from the group name, valid term information (timestamp), and the temporary password. Here, the unique ID generation means 51 generates a certificate ID for identifying the group certificate for every user and adds the same to the corresponding group certificate GC when group certificates GC having identical contents are issued with respect to a plurality of different users.

Also, the group certificate verification unit 12 in the sixth 
embodiment receives a group certificate GC plus a certifi- 
cate ID for identifying the group certificate for every user 
from the client 2 and allots a plurality of different users to 
the identical group by the certificate IDs when group cer- 
tificates GC having identical contents are issued with respect 
to a plurality of different users. 

Similarly, this group certificate issuing apparatus 3 in the sixth embodiment includes the above unique ID generation means 51. Further, the hash function unit 34 forming the issuance side processor further adds the valid term information to the group name and the secret information unique to that group and applies the processing of the hash function H to this, obtains the one-time password "temp'" based on the obtained temporary password "temp", and generates the log-in request GC'. Here, the unique ID generation means 51 generates a certificate ID for identifying the log-in request for every user and adds the same to each corresponding log-in request GC' when log-in requests GC' having identical contents are issued with respect to a plurality of different users.
The group certificate verification unit 12 established cor- 
responding to the group certificate issuing apparatus 3 
receives a log-in request GC' plus the log-in request ID for 
identifying the log-in request for every user from the client 
2 and allots the plurality of different users to the identical 
group by the log-in request ID when log-in requests GC' 
having identical contents are issued with respect to the 
plurality of different users. 

In the systems of distributed group management 10 in the above embodiments, the identical group certificate may be issued overlappingly. Namely, when assuming that a plurality of users request the issuance of group certificates GC having the same valid term for the same group of the same server to the group certificate issuing apparatus 3 from the identical or different clients 2, group certificates having the same contents will be issued to different users. This is because the group certificate GC is comprised of the group name, valid term information (timestamp), and the temporary password (temp), and this temporary password is uniquely prepared from the group name, valid term information, and the secret information of the group.

Accordingly, there arises an inconvenience that a plurality of different users cannot be discriminated by the group certificates GC or by the log-in requests GC' generated from the group certificates GC. For example, according to the first embodiment, the server 1 rejects the double use of the same group certificate (for the prevention of illegitimate use). Therefore, when one user previously uses a group certificate, the same group certificate presented afterwards by another user is rejected, and that user must acquire another group certificate or log-in request in order to use the server 1. This causes a disadvantage that the system 10 becomes inefficient.

The system of distributed group management 10 of the sixth embodiment is provided with a function of imparting a certificate ID to the group certificate GC or the log-in request GC' in addition to the systems of the above embodiments. This certificate ID has sufficient uniqueness if within a range of frequency where the group certificates GC are issued overlappingly. In this case, as the method of generation of the certificate ID, for example the usage of random numbers or serial numbers can be used.

The group certificate issuing apparatus 3 has the unique ID generation means 51 for this purpose, generates the certificate ID capable of uniquely identifying the group certificate GC (or GC') by using the means 51 when issuing the group certificate GC, and imparts this to the group certificate GC (or GC') and issues the same.

The client 2 handles the certificate ID in the group certificate GC in the same way as the group name and the valid term information. When a log-in request GC' is generated, in the same way as the group name and the valid term information, the certificate ID is imparted to the log-in request GC'.

The server 1 handles the certificate ID as a value comprising the group certificate or log-in request in the same way as the group name and the valid term information and utilizes the same for the identification, verification, and storage.

FIG. 41 is a view of an example of the certificate ID Cid based on the sixth embodiment.

In the sixth embodiment, as an example, it is made possible to issue different group certificates GC with respect to different users from the same server name/group name/valid term information by adding the certificate ID Cid having uniqueness to the valid term information.

Referring to FIG. 41, the case where the certificate ID is added to the valid term information is shown. Here, as an example, at the preparation of the group certificate GC, the case where it is added to the data structure before applying the hash function H is shown. As shown in the figure, a certificate ID Cid comprised of eight decimal numbers is added after the date of the valid term. This certificate ID Cid is a serial number incremented by one for every group certificate issuing apparatus 3 (when there are a plurality of apparatuses 3) or whenever the group certificate is issued.

Note that, if the date of the valid term information and the certificate ID which have been already generated are fetched together and handled as shown in FIG. 41, there is the merit that the group certificate GC can be handled in the same way as the case of the above embodiments, but it is also possible to individually handle the unique certificate IDs Cid as shown on the right of the figure.

As explained above, in the sixth embodiment, by giving unique certificate IDs Cid to the group certificates GC or the log-in requests GC', even if group certificates having the same valid term with respect to the same group of the same server are issued to a plurality of different users, they can be discriminated, so the overlap of the group certificates is eliminated.

By this, even if different users request the issuance of the overlapping group certificates, a different group certificate is issued for every user. Accordingly, as explained before, the inconvenience that a remote processing request by another user using the same group certificate the second and following times is rejected from the server 1 due to the reaction to the double use as explained above is solved. Accordingly, the other user does not require the acquisition of another group certificate or log-in request.
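The certificate ID of FIG. 41, as an added example that is not part of the patent's own text: an eight-digit serial number is appended to the date of the valid term before hashing, so two users asking for the same group and date receive distinct certificates, and the server's rejection of double use (the rule from the first embodiment) no longer hits the second user. SHA-256 stands in for H; the group secret, the date format and the small server class are assumptions made for this example.

```python
import hashlib
import hmac
import itertools
from typing import Dict, Set, Tuple

# Constructed secret shared by the issuing apparatus 3 and the server 1.
GROUP_SECRETS: Dict[str, bytes] = {"group 1": b"constructed secret of group 1"}

# Unique ID generation means 51: a serial number incremented by one per issued certificate.
_cid_counter = itertools.count(1)


def make_temp(group_name: str, valid_term: str, secret: bytes) -> bytes:
    """H(group name || valid term || group secret); SHA-256 stands in for H."""
    data = group_name.encode() + b"\x00" + valid_term.encode() + b"\x00" + secret
    return hashlib.sha256(data).digest()


def issue_gc_without_cid(group_name: str, date: str) -> dict:
    """Earlier embodiments: same group and valid term -> byte-identical GC."""
    return {"group": group_name, "valid_term": date,
            "temp": make_temp(group_name, date, GROUP_SECRETS[group_name])}


def issue_gc(group_name: str, date: str) -> dict:
    """Sixth embodiment (FIG. 41 layout): eight decimal digits of Cid are appended
    after the date of the valid term before hashing, so temp differs per certificate."""
    cid = f"{next(_cid_counter):08d}"
    valid_term = date + cid
    return {"group": group_name, "valid_term": valid_term,
            "temp": make_temp(group_name, valid_term, GROUP_SECRETS[group_name])}


def split_valid_term(valid_term: str) -> Tuple[str, str]:
    """Server side: the date and the Cid can also be handled individually
    (the alternative shown on the right of FIG. 41)."""
    return valid_term[:-8], valid_term[-8:]


class Server:
    def __init__(self, secrets: Dict[str, bytes]):
        self.secrets = secrets
        self.used: Set[bytes] = set()  # temps already presented to this server

    def verify(self, gc: dict) -> str:
        """Recompute temp from the received (group, valid term) and the group secret,
        then apply the double-use rule. The Cid rides inside valid_term, so no
        other part of the verification changes."""
        secret = self.secrets.get(gc["group"])
        if secret is None:
            return "unknown group"
        expected = make_temp(gc["group"], gc["valid_term"], secret)
        if not hmac.compare_digest(expected, gc["temp"]):
            return "forged"
        if gc["temp"] in self.used:
            return "double use"
        self.used.add(gc["temp"])
        return "accepted"


if __name__ == "__main__":
    srv = Server(GROUP_SECRETS)
    first, second = issue_gc("group 1", "20031231"), issue_gc("group 1", "20031231")
    print(srv.verify(first), srv.verify(second))  # accepted accepted
```

Because the Cid is hashed into temp, a client cannot simply relabel a certificate with a fresh Cid: the server would recompute a different temp and report it as forged.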
[Seventh embodiment]

FIGS. 42 and 43 are parts of a view of a seventh embodiment according to the present invention.

The group certificate issuing apparatus 3 in this seventh embodiment is provided with a user-group mapping storage means 32. This user-group mapping storage means can assign a plurality of different groups to one user.

Also, the group certificate verification unit 12 in the seventh embodiment cooperates with a group certificate temporary storing unit 52 provided in the server 1. When a plurality of different groups can be assigned to one user U, it verifies the group certificates GC received from the client 2 and then stores them in the group certificate temporary storing unit 52. Then, it switches the stored group certificates GC in accordance with the predetermined authorization necessary for the request with respect to the following remote processing requests.

Similarly, this group certificate verification unit 12 in the seventh embodiment cooperates with the log-in request temporary storing unit 52 provided in the server 1. When a plurality of different groups can be assigned to one user U, it verifies the log-in request GC' received from the client 2 and then stores this in the log-in request temporary storing unit 52. Then, it switches the stored log-in request in accordance with the predetermined authorization necessary for the request with respect to the following remote processing requests.

In the systems of distributed group management 10 of the 
above embodiments, when a plurality of group names are 
assigned to one user U, it is possible to change the systems 
so that the user U of the client 2 easily acquires a plurality 
of group certificates GC corresponding to the plurality of 
group names by, e.g., adding a mechanism designating the 
intended group name from the client 2. 

However, in the end it is the server 1 that determines the authorization assigned to the group. The user U cannot always correctly select the group name with the authorization adequate for the execution of the remote processing which it itself wishes to request. Accordingly, there is a disadvantage that the remote processing must be requested by trial and error by sequentially sending some group certificates GC or log-in requests GC' to the server 1, so inconvenience and inefficient work are required.

Also, even if the user knows the necessary group and can correctly select the group, in a case where the authorization required for one series of related remote processing needs a plurality of different group names, when the processing must be moved into the next group name, if there is no authorization by the group name assigned at present, the fact that there is no authorization is notified from the server 1. For this reason, the user must execute the request of the remote processing again as the member of a new group. Accordingly, there is a disadvantage that the system 10 becomes inefficient.

Referring to FIG. 42 and FIG. 43 again, the system of distributed group management 10 of the seventh embodiment has the group certificate temporary storing unit 52 in the server 1 in addition to the systems of the above embodiments. When the client 2 transmits a plurality of group certificates GC1, . . . , GCk, the server 1 verifies these GC1, . . . , GCk and then stores them in the group certificate temporary storing unit 52. Thereafter, without requesting another group certificate from the client 2, the server 1 per se can fetch the necessary group certificate from the group certificate temporary storing unit 52.

The client 2 receiving a plurality of group certificates GC1, . . . , GCk from the group certificate issuing apparatus 3 transmits these plurality of group certificates to the server 1 when requesting remote processing to the server 1.

The server 1 receiving these group certificates GC1, . . . , GCk verifies the received plurality of group certificates one by one in the same way as the cases of the above embodiments. In this case, the handling in the case where some of the plurality of group certificates are illegitimate is not particularly dealt with in the present invention. However, mention may be made of the steps of for example rejecting all group certificates or rejecting only the illegitimate group certificates and accepting only the legitimate group certificates to proceed with the processing.

The group certificates found to be legitimate as the result of the verification are stored in the group certificate temporary storing unit 52 until the valid term (timestamp) is ended or a separately determined period has passed. Thereafter, the server 1 fetches the suitable group certificates from the group certificate temporary storing unit 52 by switching in accordance with the remote processing requested by the user U and utilizes them in the same way as the cases of the above embodiments.

Note that, in a case where not the group certificates GC, but the log-in requests GC' are sent to the server 1, the processing the same as that described above is carried out for the log-in requests in place of the group certificates.

FIG. 44 is a view of an example of the data in the 
user-group mapping storage means 32 based on the seventh 
embodiment. 

As explained above, in the seventh embodiment, in the case where a plurality of group names are assigned to one user U, and group certificates GC with respect to these plurality of group names are issued, the client 2 does not selectively transmit the group certificates GC, but transmits the plurality of group certificates to the server 1. These are temporarily stored in the group certificate temporary storing unit 52 on the server 1 side. As a result, the server 1 can selectively use the necessary groups even if the client 2 does not select the group certificates or other group certificates are not requested from the server 1 to the client 2. For this purpose, in the case where a plurality of group names are assigned to one user U, the plurality of group names are registered for that user in the user-group mapping storage means 32.

Note that, in the "group" column on the right side of FIG. 44, the server names (server X, Y, etc.) are omitted. These server names are exactly the same as those shown in the user column on the left side of the same figure.

FIG. 45 is a view of an example of the data in the group certificate temporary storing unit 52 employed in the seventh embodiment.

In the figure, this storing unit 52 stores the plurality of group certificates GC which have been already verified in the server 1 and regarded as legitimate. In this example, the session ID Sid (for example a seven digit number) is stored together. This is the ID attached for identifying a plurality of users when the plurality of users are connected to one server, but it is not always necessary from the principle of the present embodiment. This session ID Sid can be explicitly reported from the client 2 too, or use may be made of the information obtained from the communicating means, for example the address or port number of the client, and this regarded as the ID thereof.

FIGS. 46 and 47 are parts of a view of the flow of the overall processing according to the seventh embodiment. Note, the description of the "group certificate acquirement phase" (refer to for example FIG. 23) is omitted, and the "log-in phase" after that will be shown in detail.

First, in FIG. 46, the processing until a plurality of group certificates GC1 to GC3 are issued and the client 2 acquires them is similar to the cases of the above embodiments. When the client 2 then requests the remote processing to the server 1, the client 2 transmits the issued plurality of group certificates to the server 1.

The server 1 receiving the plurality of group certificates verifies the legitimacy of each in the group certificate verification unit 12 in the same way as the cases of the above embodiments. Some measures of how the result of this verification should be handled can be considered, but are not particularly prescribed in the present invention.

The verified group certificates are stored in the group certificate temporary storing unit 52. Some group certificates required in the following remote processing are appropriately selected and utilized. Below, an example of appropriately selecting the group certificates by the server will be shown, but here an explanation will be given by taking as an example the data of the group-authorization mapping storage means 15 shown in FIG. 11 of the first embodiment.

The user "user B" receives the group certificates for three groups of "group 1", "group 2", and "group 3" according to FIG. 44 and transmits them to the server 1 as shown in FIG. 47. It is assumed that the server 1 verifies the above three group certificates and decides that all are legitimate as the result of the verification. After that, it is assumed that the user "user B" requests remote processing such as "read (r) the file A and write (w) the result thereof into the file B" (refer to FIG. 11). In this case, for the read (r) operation of the file A, the authorization of the "group 1" is sufficient, therefore the server 1 fetches the group certificate GC corresponding to the "group 1" from the group certificate temporary storing unit 52 and uses this GC for the check in the group-authorization mapping storage means 15. Note that, if it is necessary to take a log as in the fifth embodiment, it is recorded in the log file 47 (FIG. 36) by using the group certificate corresponding to the "group 1".

Next, the result of the read (r) is written into the file B (w), but only the authorization of the "group 1" (only r) is insufficient for this. The authorization of the group 3 (both of r and w) is necessary. Accordingly, the server 1 switches to the group certificate GC3 corresponding to the group 3, fetches this from the group certificate temporary storing unit 52, and acquires the corresponding authorizations (r and w) by using this GC3 for the check in the means 15. If necessary, it describes this in the log file 47 by using the group certificate GC3 corresponding to the group 3.

As explained above, in the seventh embodiment, the plurality of group certificates transmitted from the client 2 are temporarily stored after the verification by the server 1, and the necessary group certificate is selected from among them and utilized in accordance with the remote processing requested by the user U.

By this, even in a case where the user U does not know the group membership which becomes necessary for the remote processing, and in a case where a plurality of different groups are required for one series of related remote processing, the trial and error explained above becomes unnecessary.

As explained above, compared with the already explained ticket of the related art, the issuance and verification of the ticket, i.e., a group certificate, at a high speed become possible.
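The switching of stored group certificates walked through above, as an added example that is not part of the patent's own text: the server verifies every certificate it receives, keeps the legitimate ones in a per-session store (unit 52), and for each operation picks a stored certificate whose group is authorized, logging the group it used. The group-authorization mapping follows the FIG. 11 fragment quoted in the text (group 1 reads file A, group 3 reads and writes) but is otherwise constructed; SHA-256 for H, the date format, the group secrets, and the policy of rejecting only illegitimate certificates (one of the two policies the text mentions) are assumptions. A certificate whose valid term has ended is not stored, and a session's certificates are dropped on logout.

```python
import hashlib
import hmac
from typing import Dict, List, Optional, Set, Tuple

# Constructed secrets shared by the issuing apparatus 3 and the server 1.
GROUP_SECRETS: Dict[str, bytes] = {"group 1": b"secret 1", "group 2": b"secret 2", "group 3": b"secret 3"}

# Constructed group-authorization mapping (storage means 15), modelled on the
# FIG. 11 fragment in the text: group 1 may only read file A; group 3 may read
# and write. The group 2 entry is invented for the example.
AUTHORIZATION: Dict[str, Dict[str, Set[str]]] = {
    "group 1": {"file A": {"r"}},
    "group 2": {"file C": {"r"}},
    "group 3": {"file A": {"r", "w"}, "file B": {"r", "w"}},
}


def make_temp(group_name: str, valid_term: str, secret: bytes) -> bytes:
    """H(group name || valid term || group secret); SHA-256 stands in for H."""
    data = group_name.encode() + b"\x00" + valid_term.encode() + b"\x00" + secret
    return hashlib.sha256(data).digest()


def issue_gc(group_name: str, valid_term: str) -> dict:
    """Issuing apparatus 3: one GC per group name assigned to the user."""
    return {"group": group_name, "valid_term": valid_term,
            "temp": make_temp(group_name, valid_term, GROUP_SECRETS[group_name])}


class Server:
    def __init__(self, secrets: Dict[str, bytes],
                 authorization: Dict[str, Dict[str, Set[str]]], today: str):
        self.secrets = secrets
        self.authorization = authorization
        self.today = today  # "YYYYMMDD"; valid terms compare as strings
        self.store: Dict[str, Dict[str, dict]] = {}     # unit 52: session id -> group -> GC
        self.log: List[Tuple[str, str, str, str]] = []  # log file 47: (sid, group, file, op)

    def verify(self, gc: dict) -> bool:
        """Verification unit 12: recompute temp and compare; an unknown group
        or an ended valid term fails."""
        secret = self.secrets.get(gc["group"])
        if secret is None or gc["valid_term"] < self.today:
            return False
        return hmac.compare_digest(make_temp(gc["group"], gc["valid_term"], secret), gc["temp"])

    def login(self, sid: str, gcs: List[dict]) -> List[str]:
        """Verify GC1..GCk one by one; store the legitimate ones and reject only
        the illegitimate ones. Returns the group names that were rejected."""
        rejected = []
        for gc in gcs:
            if self.verify(gc):
                self.store.setdefault(sid, {})[gc["group"]] = gc
            else:
                rejected.append(gc["group"])
        return rejected

    def request(self, sid: str, file: str, op: str) -> Optional[str]:
        """Switch to the first stored GC whose group authorizes op on file.
        Returns that group name, or None when no stored certificate suffices."""
        for group in self.store.get(sid, {}):
            if op in self.authorization.get(group, {}).get(file, set()):
                self.log.append((sid, group, file, op))
                return group
        return None

    def run(self, sid: str, ops: List[Tuple[str, str]]) -> List[Optional[str]]:
        """One series of related remote processing, e.g. read file A then write file B."""
        return [self.request(sid, f, o) for f, o in ops]

    def logout(self, sid: str) -> None:
        """Drop the session's certificates (the text also allows dropping them
        after the valid term or a separately determined period)."""
        self.store.pop(sid, None)


if __name__ == "__main__":
    srv = Server(GROUP_SECRETS, AUTHORIZATION, today="20031215")
    user_b = [issue_gc(g, "20031231") for g in ("group 1", "group 2", "group 3")]
    srv.login("0000001", user_b)
    print(srv.run("0000001", [("file A", "r"), ("file B", "w")]))  # ['group 1', 'group 3']
```

The client sends all of its certificates once; the switch from group 1 to group 3 happens entirely inside the server, so the user never has to guess which group a given step needs.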

Further, with such an authentication system, a plurality of remote processing requests may be made by one group certificate, mutual authentication between the clients and servers becomes possible, the group certificates of the same group and same valid term can be issued to a plurality of users, the handling of a plurality of groups assigned to the user becomes possible, etc. By this, the effects of improvement in the safety, convenience, and efficiency are exhibited.

Also, by recording in the log file a log enabling checking 
of a specific user from among a plurality of users according 
to need, the safety and supervision capability of the system 
10 are further enhanced. 

While the invention has been described with reference to 
specific embodiment chosen for purpose of illustration, it 
should be apparent that numerous modifications could be 
made thereto by those skilled in the art without departing 
from the basic concept and scope of the invention. 
What is claimed is: 

1. A system of distributed group management for indirectly authenticating membership of a user in a group in order to manage security for a client on a client side and a server for executing a remote processing request from the client side under a predetermined authorization assigned for every group, provided with:

a group certificate issuing apparatus for issuing a group certificate on the client side based on original group information including the name of the group to which the related user belongs when there is said remote processing request; and
a group certificate verification unit for verifying a legitimacy of said group certificate transmitted from the client side in said server, wherein
said group certificate issuing apparatus adds an issuance side processed value obtained by encrypting the information of the original group information by a cryptographic function to the original group information and defines this as the group certificate,
said group certificate verification unit processes part of the information included in the received group certificate by an identical cryptographic function to obtain a verification side processed value and performs said authentication by confirming that said issuance side processed value and said verification side processed value coincide,
said group certificate issuing apparatus includes first secret information assigned to said groups in said original group information and performs the processing by said cryptographic function, said first secret information being held only by said group certificate issuing apparatus,
said group certificate verification unit includes second secret information assigned to the groups in part of the information included in said received group certificate and performs the processing by said cryptographic function, said second secret information being held only by said group certificate verification unit, and
said first secret information and said second secret information are identical secret information for identical groups, wherein
said cryptographic function is a hash function.

2. A method of distributed group management for indirectly authenticating membership of a user in a group in order to manage security for a client on a client side and a server for executing the remote processing request from the client side under a predetermined authorization assigned for every group, comprising the steps of:

processing information of original group information including the name of the group to which the related user belongs by a cryptographic function when there is said remote processing request on the client side and issuing a group certificate obtained by adding an issuance side processed value obtained by processing the information of the original group information by the cryptographic function to the original group information, and including first secret information assigned to said groups in said original group information and performing the processing by said cryptographic function, said first secret information being held only by a group certificate issuing apparatus,

processing the information of the received group certificate by an identical cryptographic function to obtain a verification side processed value on a server side, and including second secret information assigned to the groups in part of information included in said received group certificates and performing the processing by said cryptographic function, said second secret information being held only by a group certificate verification unit, said first secret information and said second secret information being identical secret information for identical groups, and

comparing said verification side processed value and received issuance side processed value on the server side and confirming that they coincide, thereby to perform said authentication, and verify the legitimacy of said group certificate transmitted from the client side in said server, wherein
said cryptographic function is a hash function.
3. A group certificate issuing apparatus comprising part of a system of distributed group management for indirectly authenticating membership of a user to a group in order to manage security with respect to a client on a client side and a server including a group certificate verification unit for executing a remote processing request from the client side under a predetermined authorization assigned for every group, provided with:

an issuance side processor for issuing original group information including the name of the group with the related user membership thereto when there is said remote processing request and, at the same time, adding an issuance side processed value obtained by encrypting the information of the original group information by a cryptographic function to the original group information,

said group certificate issuing apparatus including first secret information assigned to said groups in said original group information and performing the processing by said cryptographic function, said first secret information being held only by said group certificate issuing apparatus, and

said first secret information and second secret information held by said group certificate verification unit to be communicated with said group certificate issuing apparatus are identical secret information for identical groups, wherein said cryptographic function is a hash function, and said issuance side processor is provided with a hash facility for performing the processing of the hash function.
4. A group certificate issuing apparatus as set forth in claim 3, wherein said issuance side processor centrally applies the processing of said hash function with respect to at least the group name and the secret information unique to that group, regards said issuance side processed value as the temporary password "temp", and generates said group certificate from at least said group name and said temporary password.

5. A group certificate issuing apparatus as set forth in claim 4, wherein it cooperates with a hash function unit provided in said client and the hash function unit applies the processing of said hash function m times with respect to said temporary password, regards the obtained issuance side processed value as a one-time password, and a log-in request comprised of at least said group name and said one-time password is generated by the client in place of said group certificate.

6. A group certificate issuing apparatus as set forth in claim 5, wherein a unique ID generation means is further included and, at the same time,

said issuance side processor further adds the valid term information to said group name and the secret information unique to the group and applies the processing of said hash function, obtains said one time password based on an obtained temporary password and generates said log-in request, and

said unique ID generation means generates the certificate ID for identifying the log-in requests for every user when the log-in requests having the identical contents are issued with respect to plurality of different said users and adds the same to each corresponding log-in request.

7. A group certificate issuing apparatus as set forth in claim 4, wherein it cooperates with a unique ID generation means provided in said client, and the unique ID generation means generates an authentication ID for mutual authentication between said client and said server, contains the authentication ID in said group certificate, and transmits the

8. A group certificate issuing apparatus as set forth in claim 7, wherein said transmitted group certificate including said authentication ID is received at said server, a server reply obtained by applying a predetermined processing with respect to this is returned to said client, a server reply expected in the client by using the same processing as the predetermined processing and the returned server reply are compared, and when the two coincide, the client authenticates the server.

9. A group certificate issuing apparatus as set forth in claim 4, wherein it cooperates with an encryption processing unit provided in said client, and the encryption processing unit establishes an encryption session from the client to said server with said temporary password as an encryption key.

10. A group certificate issuing apparatus as set forth in claim 4, wherein provision is made of a log file for recording the log of the session according to each said remote processing request for each of said users, and supervision of each user is performed based on the log.

11. A group certificate issuing apparatus as set forth in claim 10, wherein said temporary password for every said session is included in said log and thereby to identify the sessions.

12. A group certificate issuing apparatus as set forth in claim 4, wherein a unique ID generation means is further included and, at the same time,

said issuance side processor further adds valid term information to said group name and the secret information unique to the group and applies the processing of said hash function, regards obtained said issuance side processed value as the temporary password, and generates said group certificate from said group name, said valid term information, and said temporary password, and

said unique ID generation means generates the certificate ID for identifying these group certificates for every user and adds the same to each corresponding group certificate when the group certificates having the identical contents are issued with respect to plurality of different said users.

13. A group certificate issuing apparatus as set forth in claim 3, wherein provision is made of a user-group mapping storage means, and in the user-group mapping storage means, a plurality of different groups can be assigned for one said user.

14. A group certificate verification unit comprising a system of distributed group management for indirectly authenticating the membership of a user to a group in order to manage security of a client on a client side and a server for executing a remote processing request from the client side under a predetermined authorization assigned for every group, including:

a verification side processor for processing information included in a group certificate issued by a group certificate issuing apparatus and received from the client side by a cryptographic function to generate a verification side processed value on the server side and performing said authentication by confirming that an issuance side processed value included in the received group certificate and said verification side processed value coincide,

said group certificate verification unit including second secret information assigned to the groups in part of information included in said received group certificate and performing the processing by said cryptographic function, said second secret information being held only by said group certificate verification unit, and

first secret information held by said group certificate issuing apparatus to be communicated with said group certificate verification unit and said second secret information are identical secret information for identical groups, wherein said cryptographic function is a hash function and said verification side processor is provided with the hash facility for performing the processing of the hash function.

15. A group certificate verification unit as set forth in 
claim 14, wherein said verification side processor centrally 
applies the processing of said hash function with respect to 
at least the group name and the secret information unique to 
that group included in said group certificate received from 
the client side so as to reproduce said verification side 
processed value as the reproduced temporary password. 

16. A group certificate verification unit as set forth in claim 15, wherein said verification side processor is a hash function unit, and the hash function unit applies the processing of said hash function to said temporary password m number of times to reproduce said verification side processed value as a one-time password and confirms that the reproduced one-time password and the one-time password extracted from the log-in request including the one-time password similarly generated on the client side coincide to perform said authentication.
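To make the issuance side processing of claims 4 to 6 and 12 and the verification side processing of claims 15 and 16 concrete, the following Python is example code added for this page, not the patent's own; it assumes SHA-256 as the hash function, an ISO date string as the valid term information, and constructed per-group secrets.

```python
import hashlib
import hmac
import secrets

# Constructed sample: the per-group secret information held only by the
# issuing apparatus (client side) and the verification unit (server side).
GROUP_SECRETS = {"developers": b"constructed-secret-for-developers"}

def hash_fn(data: bytes) -> bytes:
    """The claims only require 'a hash function'; SHA-256 is an assumption."""
    return hashlib.sha256(data).digest()

def temporary_password(group: str, valid_term: str, secret: bytes) -> bytes:
    """Issuance side processed value 'temp' over the group name, the valid
    term information and the group secret (claims 4, 6, 12 and 15)."""
    return hash_fn(b"|".join([group.encode(), valid_term.encode(), secret]))

def one_time_password(temp: bytes, m: int) -> bytes:
    """Apply the hash function m times to the temporary password (claims 5, 16)."""
    value = temp
    for _ in range(m):
        value = hash_fn(value)
    return value

def issue_login_request(group: str, valid_term: str, m: int) -> dict:
    """Client side: the log-in request sent in place of the group certificate.
    The certificate ID is the unique ID that tells apart requests with
    identical contents issued to different users (claim 6)."""
    temp = temporary_password(group, valid_term, GROUP_SECRETS[group])
    return {"group": group, "valid_term": valid_term, "m": m,
            "otp": one_time_password(temp, m).hex(),
            "certificate_id": secrets.token_hex(8)}

def verify_login_request(req: dict, today: str) -> bool:
    """Server side: reproduce temp and the one-time password from the second
    secret information and compare (claims 15 and 16). Expired valid terms
    are rejected, and m must be at least 1 so that temp itself, which also
    serves as the session encryption key (claim 9), never travels in the clear."""
    secret = GROUP_SECRETS.get(req["group"])
    if secret is None or req["valid_term"] < today or req["m"] < 1:
        return False
    temp = temporary_password(req["group"], req["valid_term"], secret)
    expected = one_time_password(temp, req["m"])
    # constant-time comparison so timing reveals nothing about the expected value
    return hmac.compare_digest(expected, bytes.fromhex(req["otp"]))
```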

17. A group certificate verification unit as set forth in claim 16, wherein it receives log-in requests added with log-in request IDs for identifying these log-in requests for every user from said client and allots said plurality of different users to identical groups by the log-in request ID when the log-in requests having the identical contents are issued with respect to plurality of different said users.

18. A group certificate verification unit as set forth in claim 15, wherein, for the mutual authentication between said client and said server, the authentication ID included in said group certificate received from said client is extracted, predetermined processing is applied with respect to this to generate a server reply, the server reply is returned to said client and compared with the server reply expected in the client by using the same processing as the predetermined processing, and when the two coincide, the client authenticates the server.

19. A group certificate verification unit as set forth in claim 15, wherein it cooperates with an encryption processing unit provided in said server, said encryption processing unit establishing an encryption session from the server to said client with said temporary password as an encryption key.

20. A group certificate verification unit as set forth in 
claim 15, wherein it receives group certificates added with 
certificate IDs for identifying these group certificates for 
every user from said client and allots said plurality of 
different users to the identical groups by the certificate IDs 
when group certificates having identical contents are issued 
with respect to a plurality of different users. 

21. A group certificate verification unit as set forth in claim 15, wherein it cooperates with a log-in request temporary storing unit provided in said server, and, when the assignment of the plurality of different groups is enabled for one said user, it verifies said log-in requests received from said client, stores them in the log-in request temporary storing unit, and switches and uses the stored log-in requests in accordance with said predetermined authorization necessary for the request with respect to following remote processing requests.

22. A group certificate verification unit as set forth in claim 14, wherein it cooperates with a log file provided in said server, the log file recording a log of the session according to each said remote processing request for each of said users, each user being supervised based on the log.

23. A group certificate verification unit as set forth in claim 22, wherein said temporary password for every said session is included in said log to identify the sessions.

24. A group certificate verification unit as set forth in 
claim 14, wherein it cooperates with a group certificate 
temporary storing unit provided in said server, and, when the 
assignment of a plurality of different groups is enabled for 
one said user, it verifies said group certificates received from 
said client, stores them in the group certificate temporary 
storing unit, and switches and uses the stored group certifi- 
cates in accordance with said predetermined authorization 
necessary for the request with respect to the following 
remote processing requests. 



